Thursday, April 30, 2009

The Only Way to Process Secure Online Transactions...



With news coming out of Washington that the U.S. economy, as measured by the gross domestic product (GDP), fell by 6.1% for the first quarter of 2009, it looks like the Great Recession isn’t going away anytime soon.

In addition, with unemployment inching up toward 10% and home foreclosures still on the rise, a jump in credit card fraud is the last thing that American consumers need, but that’s exactly what they’re getting.

As Credit and Debit card scam artists are becoming more brazen and more creative, U.S. credit card holders are growing more anxious.

According to a 2009 survey by Unisys Security Index, approximately 75 percent of Americans believe that the global financial crisis increases their risk of identity and related fraud.   More than two-thirds surveyed said they are extremely concerned about other people obtaining and using their credit and debit card data, with 90 percent at least somewhat concerned.

Unisys adds that credit and debit card fraud is the top security concern for people, with 68 percent saying they are extremely or very concerned; 66 percent said they are seriously concerned about unauthorized access to or misuse of personal information.

So how can credit card holders protect their cards and their money?   (Hint, one of the devices on the left "Stops Hacking"... the other one "Causes It"

Rest assured, both are deadly to hackers.


So how do you protect cardholder data when conducting online transactions? There's only one secure way to do it.  Albeit, there's a lot of articles published that recommend the following to conduct secure online transactions:  Here's a direct quote from one of them:

"When online, use only secure sites, especially when using your credit card online. Be sure to check the URL of the site’s purchase page as well, which will always read “https” if it is secured."

The fact is, that statement is not even close to being entirely true.  "https:// has already  been demonstrated to being insecure and subject to hack attacks"  And because it's already been compromised, you will never know whether or not your transaction is secure irregardless of whether it reads http:// or "https"  Therefore, I'd strongly advise you to "scratch that advice."  Simply put...it's httbs://


See the pic on the right? (click to enlarge and take a look at the address)

I blogged  about the hole in "https" a while back.  I think I called it "httbs" at that time too. Yes,  I checked and I did...way back on January 2nd...in a post entitled:
Browsers and -Commerce  Don't Mix. 

As I've stated numerous times on this blog, there is only "one" way to secure your cardholder data when shopping online. Via a hardware device.  If you want to protect your cardholder data, then you MUST keep your cardholder data OFF the web.  It cannot be typed, it cannot be mouse clicked, it cannot be cut and pasted.  It cannot be on the web...period. 

In order to do it "outside the browser space: you'll need to Swipe your card in a 3DES end to end encrypted magnetic stripe reader which hopefully, then encrypts ALL the track 2 data.  To secure the transaction with another layer, you could add two-factor authentication (2FA) by entering your PIN,  which should also be end to end encrypted.  To protect your data even more, experts recommend the use of DUKPT key management which assigns a unique key "each" transaction.  The value is that if a hacker were to somehow breach their way through all that security, they would only have access to "ONE" transaction. 


There's only "ONE" company in the world who manufactures a  PCI 2.0 Certified magnetic card reader WITH PIN Entry Device for eCommerce.  That'd be HomeATM. 

That's it.  So...remember, don't type, swipe.  If you can see it on your screen,  then so can the bad guys.

There's myriad ways for them to do that.  Here's a select few:  zombies, worms, malware, malicious code, DNS Hijacking, Click Jacking, Key-logging, Memory Scraping, Screen Scraping, Cloned Websites, Data Hijacking, Remote control access, etc. etc. etc.  Remember the line from Field of Dreams?  If you build it they will come?  Here's one to remember for the web: If you type it, they will swipe it.  

Question:  If your cardholder data is going to be "eventually" swiped anyway, shouldn't you be the one doing the "SwipePIN?"









Reblog this post [with Zemanta]

Banking / Finance News
Source: Computing
Complete item: http://www.computing.co.uk/computing/news/2241443/chip-pin-security-goes-trial-4632986

Description:
A trial that could prove to be a test case for the security of chip-and-PIN card technology starts today.

Alain Job is suing Halifax, claiming that a fraudster withdrew £2,100 from his account at cash machines despite the fact he did not lose his card and changed his PIN as soon as he received it. The bank refused to refund the money, claiming that its chip-and-PIN system is secure.

Reblog this post [with Zemanta]

Western Union to Pilot Mobile Bill Payment

Newsflash from Finextra.com.

30/04/2009 15:37:00
WESTERN UNION, CPS AND VERISIGN PILOT MOBILE BILL PAYMENT SERVICE

Western Union has teamed with VeriSgn to pilot a system that enables Consumer Portfolio Services (CPS) customers to trigger their monthly car payments directly from their mobile phones.

More on this story: http://www.finextra.com/fullstory.asp?id=19987

Merchants On "Warpath" Against Interchange

HOME DEPOT EXEC: MERCHANTS ON ‘WARPATH’ AGAINST INTERCHANGE FEES
Merchants are "on the warpath" to push for legislation that would cut or cap credit and debit card interchange rates this year, Mario de Armas, director of international and interchange financial services at The Home Depot Inc., told attendees this week during a panel discussion at Source Media's 21st annual Card Forum and Expo at Marco Island, Fla.

"The cost for us to accept credit and debit cards continues to rise, and we have to pass those costs on to our consumer and commercial customers ... who can least afford it in this economy," de Armas said, adding that " Visa and MasterCard have done a very poor job of communicating the value of what interchange provides."

He noted that interchange began as a more clearly defined subsidy to help cover the cost of electronic payments, then mushroomed to become "a profit center for banks."  De Armas said Home Depot plans to drop its co-branded MasterCard issued by Citigroup Inc., noting customers purchase more with the company's proprietary credit card (also issued by Citi).

Moreover, the company is looking into why its payment terminals require cardholders to opt out of signature-debit if they want to use less-expensive PIN-debit instead.


Editor's Note to Internet Retailers:  Want to accept TRUE PIN Debit on your website and benefit from the lower Interchange associated with 2FA PIN Based transactions?  How about "card present" credit card Interchange rates?  We can "steer" you in the right direction with HomeATM's patented PCI 2.0 Certified platform.  Send me an email to discuss further...

Panelist William W. Shaw, group vice president at Roanoke, Va.-based First Citizens Bank, which is both a credit card issuer and an acquirer, said on the issuing side he is "very concerned" about the possibility of interchange-rate caps. "It seems we're moving further and further away from free enterprise, ... and I'm very concerned about capping anything, from the free-enterprise side of it." On the acquiring side, when credit card networks reset rates each year, "it's hugely expensive," and the system is "too complex," he said.

Panel moderator Adil Moussa, an analyst with consultancy Aite Group, said recent research from his organization found that some 28% of U.S. merchants routinely attempt to steer customers toward lower-cost payment options at the point of sale to offset the effects of interchange. Home Depot, a member of the Merchants Payments Coalition, is working closely with other merchants on lobbying efforts, de Armas said, noting he is "cautiously optimistic" that lawmakers will draft legislation this year that could lead to a reduction or elimination of interchange.


- Banking / Finance News
Source: spamfighter
Complete item: http://www.spamfighter.com/News-12275-New-Phishing-Scam-Selects-First-Dakota-National-Bank-for-Target.htm

Description:
U.S. based First Dakota National Bank released a news item in the media last week alerting customers of a phishing e-mail that spoofs the Bank's name.

The scam e-mail claims that there is a new message for the recipient from the bank...to read it she/he must log into her/his online account with First Dakota and go to the Message Center Section.  In an e-mail that reads: "First Dakota National Bank Online Banking," the recipient is asked to follow a given link.

But when the user clicks the link, she/he is directed to an Internet site that informs the user that the bank has restricted her/his online banking account. The site then asks for personal information like name, zip code, e-mail address and banking details like debit card number.

Editor's Note:  Well, simpy put, these guys are "rookies". 

The "veteran's" would have you click a link that takes you to a cloned replica of the bank's original website.  

The "professionals" would not even bother phishing, they would simply perform DNS Hijacking to a perfectly cloned site...when user's logged onto their online banking website, the pro's would be able to obtain username's and passwords.  The pro's would then go to the the genuine site and have complete access to the account.


That is why bank's need our PCI 2.0 PIN Entry Device for secure log-in.  They issue the card, they issue the PIN, so why the Username/Passe'word?  Swipe the card, enter the PIN.  You can't do it if you don't have the card and you can't do it if you don't have the PIN.  That's what 2FA is all about.   HomeATM's SafeTPIN is capable of stopping the professionals and the veteran's.  The rookies might still get away with the occassional phishing attack, but never if consumers were instructed by their banks to always be SwipePIN. 

As I've been prone to say in the past.  It's inevitable that someone will be SwipePIN cardholder data...shouldn't it be the cardholder?




Reblog this post [with Zemanta]

PayPal Has Good Q1, eBay Not So Much and Skype Hyped for IPO



Last week, eBay announced first quarter 2009 revenue of $2.02 billion, a $171.6 million year-over-year decreaseeBay's marketplace sales dropped 18% in Q1  while Amazon's gained 18%.  According to eBay, PayPal and Skype performed well with year-over-year revenue growth.

eBay sees strength for PayPal, expecting the online payment processor to more than double its revenue in the next few years.

The Payments business unit reported a strong quarter with $643.0 million in revenue, an increase of 11 percent year-over-year. Net total payment volume (TPV) for the quarter was $15.86 billion, an increase of 10 percent. The revenue and net TPV growth was driven by continued momentum in PayPal Merchant Services and the contribution made by Bill Me Later, according to eBay.


Continued increases in PayPal penetration on eBay helped offset the negative impact of gross merchandise volume (GMV) on revenue and TPV. Active registered accounts reached 73.1 million, an increase of 22 percent year-over-year. The Payments business will continue to focus on the acquisition of new merchants, greater penetration into the Marketplaces business and the growth of Bill Me Later.

Meanwhile, Skype contributed $153.2 million in revenue for the quarter, representing 21 percent year-over-year growth. Skype added 37.9 million new users during the quarter and ended the period with more than 443.2 million registered users. In addition to growing its user base, Skype is focused on product strategies to enhance customer engagement.

On April 14, 2009, eBay Inc. announced plans to separate Skype into an independent company during the first half of 2010, via an initial public offering.
  It might be a good idea to do the same for PayPal.  If so, I'd certainly put PayPal first on the list and continue to build some Skype Hype. 

Reblog this post [with Zemanta]

Airlines lost $1.4 Billion to Online Fraud...HomeATM Can Help!

April 29, 2009 - 3:19pm | author: Petrony | Fraud | News
HomeATM's PCI 2.0 certified payment solution is available to airlines via Universal Air Travel Plan's payment platform.  I humbly suggest they take a closer look.  What's that old line?  Oh, I know: $1.4 Billion Saved is $1.4 Billion Earned! 
Are chargebacks the problem?  Maybe.  Is the fact that credit card companies withhold millions of dollars in usable revenue the problem?  Maybe.  I could use logic to go on and on, but I'd rather just say that we would solve the aforementioned problems immediately, in fact yesterday. 

You can't change the  past, but you CAN change the present.  What's the future?  Some say the present creates the future...I say the future should include "card presence."  Airlines have an choice.  What's the alternative?  We've talked in the past...and at the time...you passed.  Don't let the "passed" get in the way!   We can make this profitable.  Speaking of prophets, I know that the future is laced with more losses from online fraud...or more gains from card "present" TRUE PIN Debit from HomeATM. 

We hadn't yet spread our  PCI 2.0 wings when we last talked...now it's a whole new ballgame and together we can make this fly!   Come Fly with HoMEATM :)


Airlines lost $1.4 Billion as a result of online fraud

The survey commissioned by Mountain View, Calif.-based CyberSource Corp. and Airline Information LLC, producer of conferences and publications about commercial aviation, showed that in 2008 airlines lost more than $1.4 billion to online fraudsters, which makes about 1.3% of their Web-generated revenues.

One of the most popular frauds related to the online airline purchase was determined to be when a fraudster buys a ticket in the name of another person using the information from a stolen card, and then sells the ticket with a discount to another person.

Moreover, the survey showed that airline fraud often involves the cardholder not traveling, international, single-passenger and one-way travel deals.

The average revenue loss rate on airline Web sites made 1.3%. Carriers with the least experience in selling tickets online had higher fraud rates, as well as, carriers catering more to low-fare leisure travelers, rather than to full-fare and business travelers. Moreover, it was revealed that 30% of online bookings required additional manual review and verification. On average carriers used 5.8 fraud-detection tools.

Another data found as a result of the survey was that airlines reject 2.8% of their online bookings on average.

Results are based on online surveys of airline executives with fraud-control responsibilities and follow-up phone interviews conducted between Dec. 1 and Jan. 16 that resulted in 99 qualified responses. Carriers participating in the survey ranged from large to small companies all around the world. Participating carriers had combined online sales of $40 billion last year, about 25% of the industry’s online total.



Reblog this post [with Zemanta]

Wednesday, April 29, 2009

Gartner Alerts: Subscription Based


HomeATM believes that Gartner is among the top payment/security analysts in the business.  As a new feature to the PIN Payments Blog we will share their latest analysis.  Keep in mind you must subscribe in order to read Gartner's entire alerts, but this should give you an idea as to what they consider important:  Whether you do or not is entirely up to you.  One thing's for sure.  If you enter a PIN on the web, make sure it's hardware based!

Gartner Information Security Summit
21 September 2009 |

The Gartner IT Security Summit will enable you to create a layered approach combining risk management, compliance, secure business enablement and infrastructure protection. Hear the latest analysis revealing market trends, opportunities and threats.

PC Remote Control Security: Risks and Recommendations
29 April 2009 | Cosgrove, Terrence; Girard, John

IT organizations rely on PC remote control to provide support to users on a variety of office and mobile platforms. Gartner provides recommendations and controls to avoid damage to your organization's security perimeter.


Reblog this post [with Zemanta]

Visa Immune to Recession - Profit UP 71%!

It was the FIRST quarter since Visa was founded that debit payment VOLUME exceeded credit payment volume.  Not the number of transactions, but the volume.  The paradigm shift continues...


Here's the press release:

BOSTON — Visa Inc.'s fiscal second-quarter profit rose nearly 71 percent, beating Wall Street expectations, as cost cuts and international gains offset U.S. consumers' growing reluctance to use credit cards during a recession.

The world's largest electronic payment network today also said it expects a slight improvement in its full-year fiscal 2009 profit margin compared with its earlier guidance.

San Francisco-based Visa reported net income for the three months ended March 31 of $536 million, or 71 cents per share. That's up from $314 million, or 39 cents per share, in the year-earlier quarter.

Not counting one-time items including restructuring and amortization expenses, Visa's adjusted profit was $553 million, or 73 cents per share. On that basis, analysts surveyed by Thomson Reuters expected a profit of 64 cents per share, on average.

Revenue rose 13 percent to $1.64 billion, slightly ahead of analysts' forecast of $1.61 billion, and in line with the company's expectations. Visa earns revenue primarily from fees it charges to process payments made with credit and debit cards, which has enabled it to weather the recession better than banks that issue credit cards and make loans.

Despite its growing profit and revenue, Visa's payments volume dipped 1 percent to $675 billion for the period ended Dec. 31 — Visa reports some operational results on a three-month lag. The U.S. payment volume decline was slightly
steeper than the overall decline, but was partly offset by growth in other regions of the world that are increasingly embracing credit and debit payments over cash and checks. Total cards carrying the Visa brands rose 8 percent over a year ago, to more than 1.7 billion.

The shift to electronic payments "continues unabated" despite the recession, Chairman and Chief Executive Joseph Saunders told analysts on a conference call.

While calling Visa "resilient" amid the sour economy, Saunders conceded his company "is not immune."

For example, Visa reported increasing consumer reliance on debit transactions rather than credit, with less spent per transaction, as consumers become more conservative. The quarter that ended Dec. 31 marked the first since Visa was founded in the 1970s that U.S. debit payment volume exceeded credit payment volume.

Continue Reading


Reblog this post [with Zemanta]

Privacy is Dead, Long Live the PIN


In an article written for CNET, John Lowensohn writes about HomeATM at Finovate. Here are some excerpts and I've taken the liberty to clarify a few miscues in the article:

by Josh Lowensohn
What'ssomething we often use for security in the real world but not online?PIN codes. We use them at stores, banks, and ATMs, so why not use themonline? For one, a QWERTYkeyboardlets you create a much stronger, and often easier-to-remember passwordthan you could with numerical digits. 

But PINs are still a password andcan be just as good as a password with the right precautions.  He then goes on to feature HomeATM as one of the companies at FinovateStartup conference doing just that.
HomeATM

The HomeATM plugs into your USB port and lets you make purchases and transfer money instantly--and securely.

HomeATM.net is ATM hardware for the Web. It's a physical piece of hardware you have to lug around with you.   Editor's Note:  To be sure, I know that "lug" is the NOT the proper term, (dictionary.com: LUG: 1. to pull or carry with force or effort: to lug a suitcase upstairs)  as our device is less than the size of a business card (see picture above left) and weighs less than an ounce.   The HomeATM device more than comfortably sits in your shirt pocket and since it's designed for eCom use and hooks to your laptop it readily fits in any compartment of your laptop case, let alone a purse or briefcase. 


You securely enter your PIN or swipe your debit card to use for P2P money exchanges and purchases on commerce sites. Editor's Note:  It also serves as an "authenticator" and an "enabler."   It is designed as a 2FA (two factor authentication)  module.  Banks issue your card and they issue your PIN.  So why are we entering: Username/Password when we could simply swipe the bank issued card and enter the bank issued PIN for secure authentication to the bank's online banking website?   Once authenticated, it "enables" the consumer to

  • 1. Securely purchase goods online,
  • 2. Securely transfer money in real-time from bank account to bank account or person to person or Business to Business, or yes, Consumer to Business and Business to Consumer...using "ANY US Bankcard" 
  • 3. Securely use the online banking services, i.e. Bill Payments.  It is the razor and the bank's online services are the blades. 
The payoff is that, unlike money-transfer systems that go off the credit and check system (which can take up to three days to clear), the money gets transferred immediately. All the while your data isn't compromised by things like keyloggers or screen-grabbing tools.

Josh continue the article by saying: "The only downside is that you and the person you're sending the money to need to have the hardware."  Editor's Note:  That's not entirely true.  The sender could load the money onto a recipients card or even third party reloadable card and they could immediately have access to the cash.   (Of course the downside would be that both the sender and the recipient "would  need to "lug around" a debit, credit or reloadable card" lol)  

Besides, the price for our "key injected" thus "pre-encrypted" secure hardware swiping device WITH a PIN Pad is less ($12) than the price you would pay for simply injecting the PIN Pad. (usually around $20) and that would be AFTER spending several hundred dollars for a POS device AND another $100 plus for the PIN Pad 

So, I don't know...whaddya think?  Maybe there's some inherent value to "lugging" around our PCI 2.0 Certified PED. 

Oh...and while I'm on the subject, one more thing.  The device that we manufacturer specifically for use with ANY mobile phone "enables" your "smart phone" (i.e. iPhone, Blackberry) to become a secure POS device WITHOUT having to "lug around" our device. 

Just connect it "one-time" to your mobile device via the earjack, swipe your card(s), enter your PIN(s) and "voilla" your 3DES encrypted payment information is securely stored in HomeATM's HSM  (Hardware Security Module) in our PCI certified data NOC.  (network operations center)

The user is now "enabled" to use their mobile phone to securely purchase online, transfer money from account to account, to others, etc. 

When the user is done "enabling" their phone, they can simply pass our device along to the next person, who can then do the same thing...and so on...and so on...






Reblog this post [with Zemanta]

Corporate Security Threatened by Converged Risks

Business ICT Risks - General
Source: Net-Security
Complete item: http://www.net-security.org/secworld.php?id=7418

Description:
As the risks faced by businesses grow ever more complex and threats proliferate, the job of those responsible for managing the security of the organization have got much harder.

The whole concept of security has also expanded way beyond the traditional remit and into areas such as protecting brand and intellectual property, preventing losses, anti-counterfeiting, cyber-terrorism, parallel trading and on-line fraud.

Many security departments are so busy fighting day-to-day fires that they risk missing less obvious but equally important threats as well as failing to "keep an eye" on the wider issue of 'converged' risk. As traditional risks converge with new ones, they can seriously jeopardize the organization's long term profitability, damage its brand or even threaten its very existence.

E-Secure-IT
https://www.e-secure-it.com
Reblog this post [with Zemanta]

Card Skimmers Create 149% Increase in ATM Fraud

- Banking/Finance - ATM / POS
Source: european-atm-security
More info: https://www.e-secure-it.com/upload/351074.doc

Description:
EAST (the European ATM Security Team) has reported a 149% rise in ATM related fraud attacks during 2008.  This reverses a previous trend and is primarily led by the 129% increase in card skimming incidents, with a total of 10,302 reported.  Despite this significant increase in incidents, fraud related losses increased by just 11% with a total loss of ?485 million reported.  This smaller increase in losses, relative to the significant rise in reported incidents, is indicative that that deployed counter-measures, such as anti-skimming devices, are increasingly effective, as are fraud monitoring and detection capabilities. 

EAST Director and co-ordinator, Lachlan Gunn said, "This increase in reported incidents is of great concern to EAST members.  While the year on year fraud loss figures show an increase, the half year figures show a declining trend for such losses over the past three six month periods, with international losses due to card skimming falling by 18% in the second half of the year.  This indicates that the EMV* rollout in Europe continues to be effective, although international losses are expected to continue while criminals are able to illegally withdraw cash from ATMs abroad that are not EMV compliant".

E-Secure-IT
https://www.e-secure-it.com

Tuesday, April 28, 2009

CommSec Breached by Hackers

Source: News
Complete item: http://www.news.com.au/technology/story/0,28348,25396936-5014239,00.html

Description:
SECURITY at the nation's (Australia) biggest online trader has been exposed as wide open to attack by computer hackers.

Security flaws at CommSec potentially endangered accounts containing billions of dollars of mum-and-dad investors' money.

After a Herald Sun investigation, CommSec's 1.7 million customers have been strongly urged to change their passwords.  Editor's Note:  Passe' Words

Had any hackers entered the system they would have been able to access the personal details of CommSec's customer accounts and trade in other people's share portfolios.

E-Secure-IT
https://www.e-secure-it.com
Reblog this post [with Zemanta]

HomeATM at FinovateStartup09 Today

After a fantastic week in Las Vegas at the ETA Show, we are scheduled to participate in FinovateStartup09 tomorrow.  I depart Phoenix for San Francisco this morning to meet up with HomeATM CEO Ken Mages and COO, Mitch Cobrin who flew directly there from Las Vegas. 

It looks to be an exciting time and we look forward to meeting with several other providers of financial innovations whom were also invited to participate.  For more information on FinovateStartup09, click the following link: www.finovate.com   I've included a copy of our press release (below) announcing our participation which also provides more details about the event. 
 

HomeATM to Participate in FinovateStartup09

HomeATM has been invited to to discuss the merits of their innovative Internet PIN Debit Solution at FinovateStartup09, to be held in San Francisco on April 28th.

FOR IMMEDIATE RELEASE



PRLog (Press Release)
Apr 10, 2009 – Chicago: HomeATM is pleased to announce that it will be participating at the FinovateStartup09 Conference, April 28, in San Francisco, California.   HomeATM CEO Ken Mages and COO Mitch Cobrin will be discussing the company's patented and PCI 2.0 Certifed Online PIN Debit Solution.  

HomeATM engineered and now manufactures the World's First and Only PIN Entry Device designed specifically for eCommerce use.  The Payment Card Industry, which consists of representatives from Visa, MasterCard, American Express, Discover and JCB International, approved the device last month in a milestone event toward PIN Debit on the web becoming ubiquitous.   A majority of industry experts agree that a hardware approach towards PIN Debit for the web is the only way to secure and protect valuable cardholder data from fraudsters.

"We are pleased to be able to demonstrate why a hardware approach to protecting cardholder data in a web based transaction is far more secure than any other approach imaginable,"
said John B. Frank, HomeATM Executive Advisor.  "Swiping one's card is not only exponentially more secure than typing in one's 14-16 digit Personal Account Number, but one could argue that it's also 14-16 times more convenient."  

The HomeATM PIN device plugs into any USB port in milliseconds and is Plug and Play...there is no software or drivers that need to be installed.  

"When a consumer swipes their card using HomeATM's SafeTPIN, it results in a "Card Present" transaction, which is not only a more secure way to process bank cards, but provides the merchant with significantly lower Interchange fees," Frank explained.  "By   incorporating a PIN Pad into their device, merchants enjoy a dually authenticated transaction, which  provides them with "true" PIN Debit Interchange as well."  

"The value we can provide internet merchants is enhanced with our recent  PCI 2.0 Certification,"
continued Frank.  "We can effectively remove the Internet Retailer from the scope of PCI DSS providing "instant compliance," which could potentially save them hundreds of thousands in costs associated with the compliance process"  

HomeATM's PCI 2.0 Certified SafeTPIN was also designed to be used as an authentication device, replacing easily hacked Username/Password:
protocols curiously employed by financial institutions for online banking.  Swiping one's bank card and entering their PIN outside the browser space provides military grade encryption as it uses Triple DES and DUKPT key management protocols.  

With the recent rash of breaches, it is important to provide consumers and merchants with the most secure payment and authentication mechanisms available.  In the brick and mortar world, that mechanism is PIN Debit.  HomeATM is poised to bring it to the other world...the world wide web.  

FinovateStartup is a spin-off of the New York City-based Finovate conference, the first demo-focused conference in financial technology. It is organized by Online Financial Innovations, a boutique banking technology research firm based in Seattle, Washington.

Select companies will have seven minutes on stage for a demonstration of their best products or services. Some areas to be covered are: Person-to-person (P2P) lending, new marketing tools, better online financial security, mobile banking and payments, Web 2.0 investing, personal finance, Online PIN Debit and next-generation online banking platforms.  FinovateStartup's debut last year had almost 300 executives, entrepreneurs and industry experts in attendance.

In other news, HomeATM will also be at the ETA Meeting & Expo April 21-23 at the Mandalay Bay Resort & Casino in Las Vegas.  Stop by and visit us at the FIS Booth #347 and get a FREE HomeATM PIN Device!  

For more info please visit Fidelity National Information Services website: http://www.fismoreinfo.com/merchant/index.asp

About HomeATM:

HomeATM owns a global patent for secure Internet PIN based transactions. Leveraging our E2EE PCI 2.0 PED certified solution, a merchant or remitter can move funds from their bank account or open loop/closed loop payment card in real-time. Utilizing HomeATM's patented solution with a bank issued card alleviates the burden for merchants to address fraud issues as HomeATM leverages the issuing bank's KYC/AML (Know Your Customer/Anti-
Money Laundering) protocols. No other payment solution serves Person-to-Person, Business-to-Consumer, Business-to-Business, and Mobile Payments with the speed, security and cost-effectiveness of HomeATM. HomeATM is EMV ready and already enjoys strategic relationships with Cardinal Commerce and UATP.

For further information, visit: http://HomeATMBlog.com or contact John B. Frank, Executive Advisor, jfrank@HomeATM.net or 612.432.6980

About Fidelity National Information Services

Fidelity National Information Services (FIS) is the world's top-ranked technology provider to the banking industry. With more than 24,000 experts in 90 countries, FIS delivers the most comprehensive range of solutions for the broadest range of financial markets, all with a singular focus: helping you succeed. Every FIS solution has the strength you need for profitability today, and the power to help you manage whatever comes next.  

Recently FIS entered into an agreement to acquire Metavante, a leading provider of banking and payment technologies to financial services firms and businesses worldwide. Metavante is based in Milwaukee, Wisconsin, with more than 5,900 employees and 8,000 clients worldwide. The combined company will be headquartered in Jacksonville, Florida, and will provide one of the most comprehensive ranges of integrated products and services, across more markets and more geographies than any other provider in the industry.
# # #

For more information visit: www.PINDebit.blogspot.com

To View the Official Press Release, click here





Reblog this post [with Zemanta]

Visa: Sell Class C Shares Sooner Than Later

UPDATE 1-Visa accelerates liquidation of Class C shares
  •  Non-U.S. banks can sell up to 30 pct of class C shares
  •  Liquidation could help banks raise money
  •  Visa shares fall 2.2 percent
Visa Inc said it had accelerated the timetable for non-U.S. financial institutions to sell their shares of the world's largest payments network, in a move that could help battered banks to raise money.

Non-U.S. banks holding shares known as "Class C" can sell up to 30 percent of them any time after July 1. The prior rules allowed banks to sell their shares beginning March 25, 2011.

Visa said the release of Class C shares would not have a dilutive effect. The credit card and debit network said the Class C shares would automatically be converted into Class A shares, tradable in the public market.

Created in October 2007 from the merger of Visa U.S., international and Canadian operations, Visa Inc went public last year in the largest initial stock offering from a U.S. company.  San Francisco-based Visa said the remaining Class C shares would continue to be subject to transfer restrictions that expire in 2011.  To participate in the program, the foreign financial institutions will need to apply to Visa's transfer agent between July 1 and Sept. 30.

Visa's shares fell 2.5 percent to $58.86 in morning New York Stock Exchange trade. The stock is up 13 percent in 2009.


Grappling With ACH Fraud - BTN


Bank Technology News | May 2009 | By Michael Sisk

The number of paper checks being converted to ACH transactions is growing exponentially, making the channel more enticing to thieves and increasing instances of fraud. It's a problem that's starting to get the attention of the industry, says Nick Holland, a senior analyst at Aite Group. He recently surveyed 23 U.S. banks and credit unions and found that 95 percent cited ACH fraud as an important or extremely important concern.

The driving factor is that ACH is being used in ways not originally intended and that security around the channel has not kept up. "Fraud moves to the point of least resistance," Holland says, and as the access to the ACH network grows and fraudsters' sophistication advances, the ACH network may be increasingly targeted.

Continue Reading at BTN



Debit Card Usage Continues to Grow


Figures show trend towards plastic in general.

Consumer spending using credit cards grew by 2% last year, according to the latest figures from UK payments association Apacs.  The organization revealed that £126.2bn was spent using credit cards in 2008, up from £123.8bn in 2007.  However, retail spending using credit cards - which does not include financial payments or travel costs, among others - recorded a slight fall of 0.6% over the year, totalling £60.7bn, down from the £61.1bn spent in 2007.

Debit cards continued to grow in popularity, seeing 9.5% growth in all consumer spending and 6.8% in the retail sector.


"Despite what started to happen across the economy last year these latest figures don't reveal any marked changes from the annual trends we've seen over the past few years," said Apacs director of communications Sandra Quinn.

"Most notably consumers are increasingly choosing to use their debit cards in preference to cash or checks and also, it seems, their credit cards."

Figures released this week by the British Bankers' Association revealed that there were 93m credit card transactions in the UK during March, up 0.6m from February's total.


62% of Major Applications Breached in Last 12 Months

Over 60% Of Breaches Tied To Flaws In Business-Critical Applications

DarkReading

If you still don't think security vulnerabilities in software will necessarily catch up with you, think again: 62 percent of organizations in the last 12 months suffered data breaches as a result of bugs being exploited in their major applications, according to a newly released survey.

Forrester Consulting, commissioned by Veracode, surveyed application developers and security and risk professionals in 200 organizations in the U.S. and U.K., and found that secure software development programs are rare -- only 34 percent said they have a software development lifecycle program that integrates security.

"The survey showed that people, process, and culture are the primary inhibitors," says Matt Moynahan, CEO of Veracode, in an interview. "Security is not a core competence of enterprises developing code."



Continue DarkReading


Bling Nation Chooses Phone Factor for Validation

Bling Nation Chooses PhoneFactor to Validate Consumers' High-Ticket Items and Suspicious Transactions
Community Payment Service Offers an Unprecedented Level of Transaction Security to Their Customers

OVERLAND PARK, KS -- (Marketwire) -- 04/28/09 -- PhoneFactor, a leading provider of security products and services, today announced that Bling Nation has selected its phone-based authentication technology to protect bank customers from fraud and identity theft.

Bling Nation provides a Community Payments Service for community banks. Through this service, Bling Nation enables financial institutions to more profitably and securely support payments between their local demand deposit account (DDA) customers and their merchant customers by bypassing the current global debit payment model and replacing it with an efficient, cost-effective and local payment network.

That's where PhoneFactor comes in. One of Bling Nation's key fraud prevention features is to have consumers validate high-ticket and suspicious transactions through PIN entry on their phone before transactions are authorized. PhoneFactor enables this two-factor authentication on consumers' mobile phones by having them authenticate not only the specific transaction, but also the amount. This advanced protection can be added to retail transactions as well as ecommerce and online banking transactions. In an online transaction, out-of-band transaction verification is critical for defeating man-in-the-middle attacks and keystroke loggers.

Puneet Agarwal, COO of Bling Nation, said they chose PhoneFactor because of the company's focus and expertise providing two-factor authentication for financial services applications.

"PhoneFactor also has a robust, highly reliable technical product, and the people are open to working with us to customize the solution for an easy and friendly customer experience," Agarwal said.

About PhoneFactor

PhoneFactor is a simple two-factor authentication service that provides far greater security than usernames and passwords. The award-winning service can use any phone (mobile or landline) as a second form of authentication. PhoneFactor can be setup in minutes and eliminates the need for tokens, smart cards or certificates. Learn more at www.phonefactor.com.

About Bling Nation

Bling Nation provides a local payment network, which allows banks to convert potential on-us debit transactions into actual on-us debit transactions by offering consumers secure contactless payments at the point of sale. Bling Nation's proprietary technology enables transactions to be processed more efficiently than a traditional credit or debit card network, delivering value for the bank, merchants and consumers through its Community Payments Service. For additional information, visit www.blingnation.com.

Company Contact:
Alison Hill
913.499.4146



MRC to Lead Fraud Risk Discussion at NRF Conference

FOR IMMEDIATE RELEASE

MEDIA CONTACT: Jordan Rubin
TELEPHONE: 206.364.2789
EMAIL: jordan@merchantriskcouncil.org

MERCHANT RISK COUNCIL TO LEAD FRAUD RISK AND LOSS PREVENTION DISCUSSION AT NRF CONFERENCE


MRC Executive Director Leads In-depth Discussion on Major Fraud Prevention Advancements

(Seattle, WA—April 28, 2009) The Merchant Risk Council (MRC), a merchant-led trade association focused on electronic commerce risk and payments globally, today announced that Tom Donlea, MRC Executive Director, will moderate the session “What Every Loss Prevention/Risk Manager Must Know in Today’s Economy” as part of the National Retail Federation’s Loss Prevention Conference & EXPO in Los Angeles this June.

Donlea will lead an active panel of fraud experts from Apple, Inc. and Staples, Inc. The panel will discuss the most recent advancements that merchants have gained in fraud prevention, as well as highlight the top tips every multi-channel retailer needs to consider in minimizing risk.

“Electronic commerce plays a crucial role in our industry today,” said Rhett Asher, Vice President of Loss Prevention for the NRF, “Having such a talented group share their expertise about how to minimize the risk of fraud will be of great value to our attendees.”

The panelists for this session are veteran MRC members who will be providing attendees with real-world experiences, tips and tricks for combating e-Commerce fraud, including:
  • How to continuously improve your fraud/risk management system
  • The value of effectively managing and disputing chargebacks
  • The importance and impact of reporting fraud to law enforcement agencies
  • How payments can impact your particular e-Commerce business model (both good and bad)
This session takes place at 10:15 a.m. on Wednesday, June 17 as part of the NRF Loss Prevention Conference & EXPO at the Los Angeles Convention Center.



About Session Moderator

Tom Donlea, Executive Director, Merchant Risk Council

Tom manages a leading trade association for merchants, vendors, e-Commerce risk management professionals and law enforcement. The Merchant Risk Council (MRC) is a merchant-led trade association focused on electronic commerce risk and payments globally. The MRC leads industry networking, education and advocacy programs to make e-Commerce more efficient, safe and profitable.

About Session Panelists

Susan Grajek - Fraud Prevention Manager, Apple, Inc.

Susan leads the fraud prevention efforts for Apple’s online store and iTunes. Susan began her career in Retail Loss Prevention over a decade ago holding a myriad of positions such as Loss Prevention Coordinator, Regional LP Auditor, Credit Fraud Investigator and Assets Protection Manager. The last nine years have been fighting fraud in the world of e-Commerce. Susan also has held a Board seat with the MRC as well Conference Chair in the past.

Bob Sullivan – Director, Fraud Investigations, Staples, Inc.

Bob has been involved with Staples Asset Protection for over 15 years. As Director, Bob is responsible for all non-store investigations within Staples. For the last eight years, Bob’s primary role has been preventing online fraud attacks against Staples.com and Staples Canada. Bob’s background includes experience in Staples store security as well and distribution security. Prior to joining Staples, Bob was the Planning Director for a large New England Police department.

About the Merchant Risk Council

The Merchant Risk Council (MRC) is a merchant-led trade association focused on electronic commerce risk and payments globally. The MRC leads industry networking, education and advocacy programs to make electronic commerce more efficient, safe and profitable.

Today, with the power of its member-base, the MRC is the leading trade association for managing payments, preventing online fraud and promoting secure e-Commerce. The MRC is dedicated to working with e-Commerce and multi-channel merchants, payment processors, credit card issuers, credit card companies, alternative payment providers, risk management experts, and law enforcement to make the Internet a safer and more profitable place to do business.

The MRC Board of Directors and Advisors includes: Expedia, Inc., Adobe Systems, Inc., Neiman Marcus Direct, Apple, Inc., BestBuy.com, Bill Me Later, Blizzard Entertainment, Chase Paymentech, CyberSource Corporation, Dell, Inc., Discover Network, 41st Parameter, Gap, Inc. Direct, iovation, Microsoft, Trustwave, Visa, Inc. and Wal-Mart.

The MRC is headquartered in Seattle, Washington.

# # #

Jordan Rubin
Communications Manager
www.merchantriskcouncil.org
206.364.2789 office | 206.367.1115 fax

We have moved our offices. The MRC is now located at: 2400 North 45th Street, Suite 15 Seattle, WA 98103
Reblog this post [with Zemanta]

KoobFace: It's In Your FaceSpace

Image representing MySpace as depicted in Crun...Image via CrunchBase

Source: SunbeltBlog
Complete item: http://sunbeltblog.blogspot.com/2009/04/new-facebook-koobface-run.html

Description:
Koobface, a worm which steals Facebook or MySpace credentials and spams their credentials, is certainly alive and kicking.  ere's a run occurring right now. You get a message from a friend:

http://1.bp.blogspot.com/_Ro7Ss7XtakY/SfZ3GecDG3I/AAAAAAAABPg/MzTLCqevEYM/s1600-h/facbook234882348288.png

Which leads to a Facebook page:

http://4.bp.blogspot.com/_Ro7Ss7XtakY/SfZ0tQyig_I/AAAAAAAABPI/WZqI_2LR470/s1600-h/facebook234892348.png

Which, when clicked, pushes a fake video codec that downloads Koobface

E-Secure-IT
https://www.e-secure-it.com
Reblog this post [with Zemanta]

Twit or Twitout You: The Numbers Grow

Twitter Tally


Tweety Bird would never believe this.

Ifmedia attention is any indication, Twitter has exploded into an all-outphenomenon. Celebrities, politicians, entrepreneurs, business leadersand everyday users are flocking to the service en masse, generating a frenzy of activity and attention.


Everybody is talking about Twitter, but what do the numbers say?  Editor's Note:  This seems like a good time to let you know you can follow the PIN Payments Blog on Twitter by clicking this line.

eMarketer estimates there were roughly 6 million Twitter users in the US in 2008, or 3.8% of Internet users.

eMarketer projects that the number of Twitter users will jump to 18.1 million in 2010, representing 10.8% of Internet users.

By all measures, Twitter is growing, and quickly.

comScorereported that Twitter.com drew 4 million unique visitors from home,work and college/university locations in February 2009, up from 340,000a year earlier—a 1,086% increase.

Nielsen Online reported 7 million unique visitors to Twitter.com during the month, up even higher—1,381%—from 475,000 the prior year.

The Competefigures were higher for the month charted, and according to its latestfigures, Twitter had over 14 million unique users in March 2009.

comScore also reported a surge in March. After months ofdouble-digit growth, traffic to Twitter.com accelerated 131% to 9.3million visitors for the month.

And the number of Twitter users is considerably greater thanthe number of visitors to Twitter.com, as a result of the multipleaccess points for the service (for example, mobile devices and desktopapps).
What’s driving this phenomenal growth?

“Twitter lets people know what’s going on about things they careabout instantly, as it happens,” Evan Williams, Twitter’s CEO, told The New York Times. “In the best cases, Twitter makes people smarter and faster and more efficient.”

A survey of Twitter users from MarketingProfsbacks Mr. Williams’ views. On a scale from 1 to 5 (with 1 for stronglydisagree and 5 and for strongly agree), the phrase “I find it excitingto learn new things from people” averaged a score of 4.65 and “I valuegetting information in a timely manner” averaged 4.58.

“Above all, people on Twitter are truly motivated by learningnew things and getting information real-time, as it’s developing,” saidAnn Handley of MarketingProfs.

To follow eMarketer on Twitter, and definitely get smarter and faster and more efficient, click here
.
Source: IT Pro
Complete item: http://www.itpro.co.uk/610657/olympics-could-be-hit-by-cyber-attack-says-blunkett?CMP=NLC-Newsletters

Description:
Labour MP David Blunkett will warn that the London Olympics could be under threat from a severe cyber attack unless urgent action is taken, according to reports.

At a keynote this week's Infosecurity Conference, he will also claim that terrorists could use sophisticated hacking to cause a complete meltdown of computer and communication systems.

Blunkett will also stress that there is a woeful level of awareness of the cyber attack threat and urge that government, security experts and businesses work together to make Britain more secure.

In reference to the dangers posed to London 2012, he is to say that the threat of criminals engaging in sophisticated fraud can be compared to the danger of more traditional terrorism.

Visitor requirements such as ticketing, transportation and hotel bookings could be disrupted.

He will say that the Games represents an opportunity for fraudsters and those seeking to hurt the economy.

Blunkett will also claim that duplication and hacking into information could allow criminals to disrupt facilities and commit the theft of identity, credit cards and other personal data.

Last year, BT said that it will treat the London Olympics as a major incident.

David Blunkett's constituency had not responded to IT PRO's request for comment at the time of publication.
Reblog this post [with Zemanta]

Disqus for ePayment News