Thursday, March 5, 2009

Nostra(para)digmus


I
've posted quite a few times that we're in the midst of a major Paradigm Shift. (use the HomeATM search bar on the right and "enter paradigm shift" to read) I took a moment to outline (see graphic on left) some of the finer points which provide e-vidence of this impending shift.

I am positive that convenience will be forced to take a backseat to security which is clearly going to be in the drivers seat.

Likewise, I am more confident that in order to secure a transaction it has to be done by Hardware. No predictions there...just fact. To the engineers at HomeATM...it's a foregone conclusion. It doesn't matter what anyone says today... tomorrow always shows us the truth.

Truth is, hardware is not a "better" option, it's the only option. Software is breached 92% of the time vs. only 1% for hardware.

One doesn't need to be Einstein to figure out that if something is breached 92 times more than something else, then the "something else" MUST be more secure.

Question: If something is breached 1% of the time vs. 92%, then wouldn't it be at least 92 times easier to to "fix" what causes 1% of breaches?  In the case of hardware being breached, tampering was virtually to blame everytime. So we made our SwipePIN device tamper proof. We're done.



When you consider new cracks in Secure Socket Layer(SSL) websites , DNS hijacking, Man-in-the Middle Attacks (MITM) Malware, bots, and combine that with the fact that there's been3 Major Processor Hacks in 3 Months, these are indeed dangerous times. This doesn't even take into account the YTBD hacks which will occur in the near future.


We're all at risk for loss if we believe that a PIN Based solution can be peripheraless. Once again, Hardware is not an option. IBM came to the same conclusion whilst looking at how to best secure online banking. See: IBM Agrees with HomeATM....Hardware Required.

Information security will become the number one priority for EVERYONE, and the ONLY way to securely transact an e-commerce transaction is via hardware. There is NO other way. Besides...what's the anti-convenience rhetoric about Hardware anyway?  Doesn't it make it more convenient when you don't have to type in a bunch of digits, expiration dates or CVV's. 

Besides...we're used to hardware...don't you have to plug a cigarette adapter into your iPhone or Blackberry to charge it? How hard is that?  Well, in addition to processing PIN Debit, you can plug in the HomeATM SwipePIN device and "charge it."  What's the difference?  Plug in cell-phone to charge it...Plug in SwipePIN device to charge it. 
(Don't forget about our PIN my Card application which allows you to securely assign a PIN number to your credit card, providing a more secure dually-authenticated transaction) 


The Internet is demonstrating significant power to provide "Net"profit", Cash has been replaced as King, having being "overthrone" by King Debit, and information security is more important than ever. It doesn't take Nostradamus to write a quatrain predicting that EFT Networks will want their piece of the PIN Debit/Credit Internet Pie.  And rightly so!  Why should they be "shut out" from Internet transactions?  

PIN Debit leads Signature Debit 45%-35% in the physical world, but doesn't yet exist in the virtual one. Can you possibly disagree that the paradigm shift will contribute towards bringing PIN Debit to the web? Problem is...in the past retailers were the focal point of hackers. Got the Personal Account Numbers but never the PIN. Now it's processors. 100 Million Personal Account Numbers...Zero PIN's.

PIN's are the Holy Grail to Hackers. Doesn't ANYONE SEE (beside's Avivah Litan, HomeATM and IBM) what's going to happen if we attempt to secure them in a software environment?

Nostra(para)digmus predicts that no matter what we see today, tomorrow will show us the truth.

















Reblog this post [with Zemanta]

Block V/MC from Debit System - Canadian Retailers

Canadian Retailers are really up in arms about Fees.  Here's an excerpt from an article from the Vancouver Sun. 

Block credit card companies from debit system: Retailers
OTTAWA — A leading business organization is calling on Finance Minister Jim Flaherty to use "moral suasion" to block credit card companies from entering the debit market so shoppers are shielded from higher price tags.

And if public pressure doesn't work, the Retail Council of Canada says Flaherty should exercise his power to regulate the payment system to protect retailers from seeing a "very substantial increase" in merchant costs, which would be passed on to consumers.

Interac has already applied to the Competition Bureau to restructure from a low-cost non-profit organization to a for-profit operation in anticipation of Visa Canada and MasterCard's move into the debit market.

"If government were to indicate that it was concerned about this, it was concerned about the cost this would impose on small businesses and on customers, I think the large banks would think very long and very hard before they bought in to the Visa and MasterCard model," said Peter Woolford, the retail council's vice-president of policy and research.

"Moral suasion has a role, so Visa and MasterCard might continue to try and sell their product, but the banks might look at it and say, 'Do we really want to infuriate all of our customers in order to make some money when we're already making money on the product we use today?'

"They might think twice before they say, 'We've got this great new product where we get to gouge you.'"

The retail council estimates merchant fees could more than triple if banks sign up with the debit systems of Visa or MasterCard. Currently, Interac fees for retailers range from about three to seven cents per transaction, depending on the size of the retailer. The fee does not change if the total bill for the transaction is higher, as is the case with credit-card transaction fees set by credit-card companies and paid to the issuing banks.

Continue Reading


Related:

Taking a Swipe at Debit Competition - The Star

Reblog this post [with Zemanta]

Chart - 2000-2008 Online Fraud Losses

From Practical E-Commerce: 
Revenue loss from ecommerce fraud rose 8 percent in 2008 to $4 billion, matching the overall growth in online sales, according to a new study.

Although ecommerce fraud as a percentage of total sales was flat at1.4 percent in 2008, total online sales actually grew so that theabsolute revenue lost increased from $3.7 billion in 2007 to theaforementioned $4 billion in 2008, according to the Mindwave Research study conducted for the Merchant Risk Council, a merchant-led trade association focused on electronic commerce risk and payments globally, and sponsored by CyberSource.

The survey also sought to compare Merchant Risk Council members'rates of fraud loss and transaction acceptance to the rates fornon-members.
Here's the Chart from Practical E-Commerce


Reblog this post [with Zemanta]

Heartland CEO Forced to Sell Stock to Pay Back Loan

Things going from bad to worse for Bob Carr as now he's been forced to sell almost 700,000 shares of  his stock.  That constitutes more than one-sixth of his holdings and the reason was to meet loan obligations for which the stock was pledged as security. 

The balance of his shares continues to be subject to pledges under the loan and although it's likely he'll have to sell more shares to meet those pledges, this is the last time we're going to hear anything about it. 

Last week, a class-action lawsuit was filed against Heartland on behalf of banks who were forced to issue new cards.  (see related stories below)



A breach can be a messy thing.  Hope the EFT networks are taking notice when they decide to go with either a hardware or software approach to bringing PIN Debit to the web.  In the Heartland breach, although 100 MILLION Personal Account Numbers (PAN's) were obtained...the total number of PIN's lifted was ZERO.  Let's keep it that way.

Here's the press release:

Click to Enlarge


Princeton, NJ – March 2, 2009 – Heartland Payment Systems, Inc. (NYSE: HPY) announced today that Robert O. Carr, chief executive officer, and his wife, Jill A. Carr, were subject to the forced sale of an aggregate of 692,412 shares of the company’s common stock to meet obligations under a loan for which the shares were pledged as security. The proceeds of the loan were used to refinance prior loans, a portion of the proceeds of which were expended by Carr in connection with the acquisition of approximately 1.75 million additional shares of Heartland Payment Systems stock by the exercise in 2006 of options granted by two large institutional stockholders. The balance of the common stock of the company owned by the Carrs, approximately 4.3 million shares, continues to be subject to pledges under the loan, and it is likely that additional shares will be sold.

Carr commented, “I am extremely disappointed about this involuntary sale of my stock. This forced sale is precipitated by the mix of extraordinary circumstances confronting Heartland and the recent drop in its stock price. Unfortunately, I had no ability to stop the sales by my lender. Together, with my wife, I have been one of the company’s largest shareholders since its inception, and I acquired additional shares of stock in 2006 as an expression of my confidence in the company’s potential. This sale initiated by my lender does not in any way reflect my view of the company’s value and future performance potential. My confidence in Heartland remains strong, and I am enthusiastic about reestablishing my ownership position in the company over the months and years to come.”

The company has also been advised that Sanford C. Brown, chief sales officer, is expected to be subject to a forced sale of shares of the company’s common stock to meet obligations under a loan for which the shares were pledged as security.

The company does not undertake to provide further updates concerning future forced sales of shares owned by the Carrs or Brown.


Reblog this post [with Zemanta]

Keep Friends Close...Enemies GeoTracked

New White Paper: Geolocation − Knowing Your Enemy

If you're interested in learning how to protect your business against card-not-present fraud, Quova's new white paper, "Geolocation - Knowing Your Enemy," may be of interest.

This paper addresses how Quova's customers are using IP geolocation technology to minimize fraudulent online orders, limit manual reviews and reduce false positives by: 
  • Recognizing mismatches between credit card billing locations and IP locations
  • Blocking orders from specific "high risk" countries
  • Flagging orders with problematic domain name extensions
  • Identifying and declining or reviewing orders forwarded by anonymous proxy servers
  • Detecting uncharacteristic behavior from analysis of user profiles
  • Establishing unlikely time patterns for location or frequency of shopping activity
To learn more, download a copy today.
Reblog this post [with Zemanta]

UKash Is In France



Ukash brings vouchers on the French market via partnership with Central Telecom
UK voucher-based prepaid online payments provider Ukash has partnered French telecom operator Central Telecom to make the Ukash vouchers available through Central Telecom's Tonéo prepaid card.

According to the agreement between the two parties, French online shoppers can buy a Tonéo card at over 15,000 locations across the country and exchange it for a Ukash voucher on the internet or via SMS through Tonéo's call centre, virtualgoodsnews.com reports. Online buyers can use the vouchers to make purchases on social networks, virtual worlds and online games.

Tonéo enables customers to make IDD calls, pay online or top up a mobile abroad (airtime transfer). In order to pay with a prepaid Tonéo card which can be bought from a store or on the internet, customers must convert credit into a payment code with one of Tonéo partners: Ukash, Wallie or French online payment services provider Ticket surf.

The Ukash, Wallie or Ticket surf payment orders allow customers to purchase virtual services within online games, pay for top-ups for VoIP and settle subscriptions on social networking websites.




Reblog this post [with Zemanta]

PaycheckSecure Now AllTrust Networks



Leading Biometric Check Cashing Company Changes Name to AllTrust Networks

Trusted Data Network and New Service Offerings, Prepaid Card and Bill Payment, Drive Name Change

HERNDON, VA – (March, 2009 (AllPayNews.com) – The leader in biometric check cashing, formerly know as BioPay Paycheck Secure, announced its new company name, AllTrust Networks. Still under the same ownership and management, the name change is part of the company’s overall strategy to position itself as the leading provider of “decisioning” data in the alternate financial service market. Its customers, retailers who are part of the AllTrust network, benefit from this “trusted” data source, receiving valuable check recommendations based on transaction history – from both the check issuer and the check casher. Transactions that begin with a biometric identification are faster and more secure than traditional check authorization systems. AllTrust leverages its network of over 5-million enrolled consumers and thousands of retail locations to dramatically reduce the fraud risks of payroll check cashing.

The name change also reflects the expansion of the company’s service offerings and the added value created for both retail clients and consumers. Prepaid card issuance and bill payment services complement the base check cashing system, and enable retailers to more efficiently fulfill their customers’ needs by using one system to perform multiple financial services. In addition AllTrust Networks has enhanced existing features of the check cashing product including electronic deposits and check maker research, to improve the overall retailer experience.

“Our client base, comprised of grocery, c-store and financial service centers, uses our check cashing system to drive in-store traffic, reduce losses from bad checks and grow their businesses by efficiently serving underbanked individuals,” said Jon Dorsey, CEO of AllTrust Networks. “We are proud of our ability to service this market through our trusted data network, and strongly believe that the name change more clearly defines our commitment to both retailers and consumers.”

About AllTrust Networks

With more than five million registered consumers, AllTrust Networks, formerly BioPay Paycheck Secure, is the most widely used biometric check cashing system in the nation. Thousands of retail locations across 46-states are using the Paycheck Secure system to quickly, safely, and easily identify customers and process financial transactions. Designed to stop fraud and speed check cashing transactions, the payroll check cashing solution, now offers retailers and banks full MSB compliance, embedded Check 21 processing, prepaid card and bill payment services. For more information on AllTrust Networks, visit www.alltrustnetworks.com







Reblog this post [with Zemanta]

Disqus for ePayment News