Thursday, May 21, 2009

Comparing Apples to...Let's Just Say "The Real Deal"

The HomeATM Blog has spent considerable time in its efforts to "attempt" to educate readers about payments security (and/or the lack thereof) Here's a quick rant on mobile phone security.

iCan't help but cringe (the first time iLaughed) every time I see that iPhone commercial, you know the one that shows somebody entering their credit card iNformation iNto an iPhone.  Are they freaking iNuts? iDon'tGetiT.

Here's why:  When you do that you are entering your valuable credit card iNformation iNto a "BROWSER."  Any guesses as to why they call iT a browser?  iF anyone said: "Because hackers can browse for iNformation on iT" congrats!  So here's my beef: "Where's the Security? 

iUnderstand the hoopla and the fact that there iS a rush to market for applications that enable mobile phones as payment devices, but we (hopefully) already have learned that web browsers ARE NOT SAFE.  Question: What does a mobile phone use?  Yup.  So what iS the only logical conclusion you can come to?  Yup.

Have we learned NOTHING from the errors of our ways?  You don't type your PAN (Primary Account Number) iNto a web browser or iT can be seen by anyone who wants to see iT. 

Case in Point: 
Arecent study by an American security company found that 93 per cent ofmobile devices in the US lack data loss protection and other systems toprevent a data leak. - Source Credant Technologies 11/18/08


So why on earth have we "graduated" (we shoulda been held back) to typing our number iNto a phone.  The security on a phone iS certainly less formidable than Web security.   Slow down people...Haste makes Waste.  Do iT Right. 

As iN the case of the web, payments need to be done "outside the browser" and they need to be done securely.  That said, here iS an example of a "secure" mobile payments application...


1. Plug in the world's first and only PCI 2.0 Certified 3DES, Protected by DUKPT end to end encrypted PIN Entry Device
2. Swipe your credit or debit card (and thus your PAN & Track 2 data on the magstripe) ONE-TIME!
3. Enter your PIN (if applicable) ONE-TIME!   (Repeat with any credit/debit card you'd like to enable in your iWallet) 



The result?  Your sensitive PAN and PIN (and your Track 2 data) is "instantaneously" encrypted "outside the browser space" and henceforth protected by the aforementioned "military grade" encryption.  The cardholder data is NOT  unencrypted until it arrives safely into a secure HSM (hardware security module) at our processing NOC (Network Operations Center).  

Your phone is now "safely and securely" forever enabled as a payments device and your PAN, your Track 2 data and your PIN is NEVER in the clear...so you are.    Simply pass along the HomeATM PCI 2.0 Certified PED to a friend or family member and they can also "securely enable" their phone as a payments device. 

But NEVER type your PAN into a browser unless you want to "share the wealth."  We say it is imminently more intelligent to "share the HomeATM PIN Entry Device" in order to enable friends and family to safely transact on their mobile phone.


Oh...BTW...in a related (rush to market) story, Intuit, the maker of QuickBooks software for small businesses, is announcing a new service called Intuit GoPayment, (where does it Go?) that will put credit-card processing technology into most cell phones, paving the way for electricians, tow-truck drivers or any other mobile workers who normally depend on sending a bill, collecting a check or sticking to a cash-only model to collect immediate payment.  (Yeah, electricians, tow-truck  drivers, pizza delivery drivers, etc. could also be enabled with our "Don't Go/Stay Secure Payment" application as well.)

But the system does more than just allow mobile workers to collect payment. It also allows users to tap back into their Quickbooks accounts to input different types of information, such as invoicing or estimate information and synchronize it with the Quickbooks data back at the home office.  Yeah, that sounds safe too!







Reblog this post [with Zemanta]

Disqus for ePayment News