Thursday, March 12, 2009

PIN on PED vs. PIN on the Web

Editor's Note: Both Ken Mages, HomeATM CEO, and Mitch Cobrin, COO, were at the Merchant Risk Council Annual Conference over the past two days. At the conference, a "cautious" Chase Paymentech announced that they will "pilot" PIN Debit on the Web, first with Acculynk, with others to possibly follow.

See Digital Transaction News: A Cautious Chase Paymentech Signs Up for Online PIN Debit

The developments at the MRC are definitely raising awareness of the desire to incorporate PIN Debit into the webosphere. That is good. In fact, Mike Strada, manager for debit card product at the Dallas-based processing giant, predicted that PIN Debit would become the most widely used payment mechanism on the web by 2012. I've been predicting that the potential for PIN Debit on the web cannot be ignored since early 2006, back when I started the Pay By Touch Blog. (HomeATM has been doing the same since 2000.)

I know enough about a PIN Based Application to be dangerous, speaking of which, (dangerous) I received an email from our CEO regarding these recent announcements.  I asked if I could post it and he gave me the go ahead, so here it is:

John, I appreciate that your blog is truly YOUR blog. You and I both have issues with the old ATMDirect so those topics are naturally covered frequently.

I don't editorialize nor do I influence the content. Having said this, and having just attended the MRC, I can't help but say that Acculynk does indeed deserve kudos for raising the awareness of PIN for the Internet.

What I would say is that HomeATM does NOT do PIN on the web.  We use the web to connect a buyer to a seller and then we do a safer than standard (the track2 data is encrypted also), traditional, unhackable, unbreachable, impregnable where the Internet is merely the conduit for our encrypted packets (as it is for 99% of all PIN transactions).

I won't belabor the point but if Acculynk (or ANY software only) PIN on the web solution goes live, I promise, just as I promised music and movie executives fifteen years ago that their digital business would die on a PC (and entertainment has, check out Virgin).  Not to mention any software solution using a browser for PIN entry likely violates our core patent.

This isn't meant as a threat nor as a contentious point, I just want PIN experts to weigh in on the real issues of "software vs. hardware" POS transactions.

Finally I'll make this last promise or take a lunch bet with anyone...that once software PIN goes live, within a month an FTP site will arise with users' PAN and PIN numbers.

I One-Hundred-Percent (100%) guarantee it.


HomeATM ePayment Solutions

Editor's Note: At $1000 per PIN (see illustration above), I wouldn't bet lunch against him. Speaking of the illustration above...let me remind you of a direct quote from Acculynk Chairman and CEO, Ashish Bahl (from Digital Transactions):

Without going into details, Acculynk’s CEO Ashish Bahl counters that each click is encrypted in ways intended to frustrate hackers.

At the same time, he adds, the resources necessary to predict when to start and stop screen scraping with each click would be cost-prohibitive even for determined fraudsters.

Editor's Note: "Cost prohibitive" is relative to the potential return (again, see graphic above). Personal Identification Numbers are the "holy grail" for hackers. If you have the PINs, then you have the capability to empty bank accounts. So, in my humble opinion, there is simply no such thing as a "cost prohibitive" barrier when it comes to PINs, especially if the hackers are "determined." It's something hackers would want to get their hands on "at all costs."

Barney Frank and Internet Gambling

Internet Gambling Back on the Table?

MARCH 11, 2009 - eMarketer

Rolling the virtual dice…

Smart money is betting that Congress will repeal the 2006 Unlawful Internet Gambling Enforcement Act (UIGEA) this year, or at least soon.

Barney Frank (D-MA), chairman of the House of Representatives Financial Services Committee, plans to bring back legislation to repeal the UIGEA this month. Rep. Frank maintains that online gambling is a fundamental freedom, and that attempts to make it illegal smack of Prohibition in the 1920s and 1930s.

In addition, much of the political momentum for repeal of the act is coming from online poker players who are fighting back.

“There is a dramatic need to have a regulated system that protects American consumers,” Jeffrey Sandman, a spokesman for the Safe and Secure Internet Gambling Initiative, told Reuters. “Right now, it's the Wild West.”

PricewaterhouseCoopers (PwC) estimates that the amount the US could raise from regulating and taxing Internet gambling is about 22% higher than it was in 2007—because US online gambling has grown despite the ban.

In fact, comScore Media Metrix found that as of last November, online gambling was the ninth-fastest-growing category online.

Making it illegal for businesses to knowingly transfer payments to Internet gambling operations, including payments by credit card, wire transfer or check, the 2006 ban was approved when Republicans still controlled both houses of Congress and President Bush was in the White House—and before the economy collapsed.

Continue Reading at eMarketer


IBM Internet Security Systems Introduces Endpoint Security Offering


IBM Introduces First-of-a-Kind Endpoint Security Offering

New Offering From IBM Strives to Free Clients From Vendor Lock-In, Simplify Security Management, Reduce Costs and Promote Industry Innovation

ARMONK, NY--(Marketwire - March 11, 2009) - Today, IBM (NYSE: IBM) announced a first-of-a-kind endpoint security offering, IBM Proventia Endpoint Secure Control (ESC), that is designed to enable enterprises to escape from the constraints of vendor lock-in and to enhance endpoint security, compliance and operations at a lower cost. This new endpoint security offering is delivered by IBM Internet Security Systems (IBM ISS) leveraging IBM's depth in security experience and technology from BigFix, Inc. for endpoint security management.

The IBM ISS solution delivers endpoint security management designed to address two major problems in the industry today: the escalating cost of security and the growing complexity of endpoint security management.


Norm Coleman Donors Credit Cards Hacked | Twin Cities, MN | Coleman urges donors to cancel credit cards after purported data breach

ST. PAUL, Minn. -- If you donated online to Norm Coleman's 2008 Senate campaign, or his recount efforts, you should call and cancel the credit card you used to make that donation.

That was the simple advice from the Coleman campaign on Wednesday, which hurried to notify donors of an apparent security breach in the computer server where the private information of online contributors is stored.

That breach, which most likely occurred January 28th of this year, became more obvious Wednesday afternoon when lists of those donors and partial credit card numbers popped up on the Internet.

"I can't tell you how it pains us to have to tell people that," Coleman recount attorney Fritz Knaak told KARE, "But obviously that's the whole idea, that kind of infliction of harm on our relationship with contributors and supporters is exactly what's intended by this."

Coleman's campaign manager Cullen Sheehan said the Secret Service is investigating the incursion into the data server, which housed a database of 4,700 donors. He said it had been compromised most likely by hackers stealing the information via the Internet.

The stolen information included credit card numbers and purchase security codes, in addition to the names, phone numbers, addresses, e-mail addresses and occupations of the givers.

On the web already

By Wednesday afternoon the list had been posted on a political website known as WikiLeaks, which is run by a nonprofit group with the stated goal of creating an "uncensorable Wikipedia for untraceable mass document leaking and analysis."

The downloadable spreadsheets listed the donors' credit card types, but only 12 of the 16 digits in the credit card number. It wasn't enough by itself to commit fraud, but it was offered as proof that the information is quite possibly in the wrong hands.

The Internet thieves also took a database of 51,000 others identified as supporters, which included even journalists who subscribed to the campaign's electronic newsletters. That list was also posted as a downloadable document on the site.

WikiLeaks did not explain how it came to possess the data, but apparently used the donors' information to tip them off about the breach.

Dozens of Coleman faithful on Tuesday night received e-mails from WikiLeaks informing them, "Your name, address and other details appear on a membership list leaked to us from the Norm Coleman Senate campaign."

Political attack alleged

The document leaking site claims its "primary interest is in exposing oppressive regimes" around the world, but the Coleman campaign sees it as a blatant attack on the former Senator's ability to raise money for the current election contest trial in Saint Paul.

"We believe this is a politically motivated attack," Knaak remarked, "We believe it's basically an assault on the whole political system essentially."

The Senator himself, in a brief statement to reporters after Wednesday's court session, echoed that sentiment.

"I think it will have a very debilitating effect," he told reporters, "I find it to be frightening, I find it to be scary and I'm obviously disappointed."

Coleman said he's confident the Secret Service will solve the case and punish those who are behind it. That agency, part of the U.S. Department of Treasury, was already investigating an attempted invasion of Coleman's servers.


There Will Be Blood


Financial Services Technology Spending Will Decline 3.7% in 2009

ROCKVILLE, MD--(Marketwire - March 11, 2009) - has announced the addition of TowerGroup's new report "There Will Be Blood: US Financial Services Trends and IT Spending in 2009 and Beyond," to their collection of Banking & Financial Services market reports. For more information, visit

TowerGroup estimates overall US financial services technology spending will decline 3.7% between 2008 and 2009 as firms scrap ineffectual projects and delay new investments until 2010.

Cost cutting born of desperation may permanently cripple IT structures, while smarter actions to rationalize IT and discard decaying assets offer better short-term returns and long-term strategic benefits.

TowerGroup expects a growing polarization between leaders and laggards as visionary financial institutions rise to the challenge of calamity and move ahead of their weaker competitors.

Replacement IT spending will rise 20% in 2009 as IT transformation -- either forced or chosen -- tops FSI priority scales and opens doors of opportunity for technology vendors.

Three critical trends will reshape the US financial services industry: regulatory pressure, shifting consumer demographics, and accelerating globalization.

FSIs are challenged from two sides to embrace IT transformation in support of new business models: from customers who will demand it and competitors who will provide it.

Report Coverage:
Banking and Payments
Securities and Investments
The IT Spending Ripple Effect
Exhibit 1
Exhibit 2
Operational Efficiency
Risk Management
New Customer Segments
Exhibit 3
Securities and Investments
Exhibit 4
Call to Action for FSIs: Survival of the Fittest
Shifting Customer Demographics and Imagination
Disruptive Globalization
Heightened Regulatory Pressure
