Sunday, March 22, 2009

HomeATM at the (Security) Summit!

HomeATM CEO, Ken Mages and I, just returned from Salt Lake City, where we attended the ProPay Data Security Summit. 

On Wednesday, March 18th, after ProPay CEO Gary Goodrich completed his opening remarks, he introduced PCI Security Standards Council General Manager Bob Russo.

We had been informed by our PCI Testing Lab representative (Witham Labs) that the PCI SSC would probably "officially list" our Safe-T-PIN (the T stands for Transaction) device later that morning.
Ironically, while Bob Russo was a featured speaker at the event. 

While he  was addressing attendees, I refreshed my laptop's screen to see that, indeed,  HomeATM had been added to the distinguished list of PCI 2.0 PED Devices on the PCI SSC website.  My first thought was, how ironic is that?  Two plus years in the making, an we get certified while the GM for PCI SSC is 50 feet away talking about the importance of such certification. But all irony aside, the fact remains that:

For the first time in the history of the PCI Security Standard Council's existence, a PIN Entry Device designed for e-Commerce, achieved PCI 2.0 certification.  That device is HomeATM's SAFE-T-PIN, which provides consumers and merchants with an unmatched level of 3DES DUKPT "fully beginning to end encrypted" security on Web Transactions.

In order to duly record the moment, I "pinned down" (yeah...pun intended) PCI SSC's Bob Russo and asked if he would participate in a picture with Ken Mages, HomeATM's CEO.   Bob kindly obliged, and pictured above is the resulting photo...forever capturing this historic milestone in e-payments history! (Click Pic to Enlarge)

So, what does this all mean?  The security benefits of a PCI 2.0 PED certified device CANNOT be overstated.  Tomorrow I will publish a review of the Safe-T-PIN device, conducted by The Society of Secure Payment Professionals. 

About the PCI Security Standards Council 

The PCISecurity Standards Council is an open global forum, launched in 2006,that is responsible for the development, management, education, andawareness of the PCI Security Standards, including: the Data SecurityStandard (DSS), Payment Application Data Security Standard (PA-DSS),and Pin-Entry Device (PED) Requirements.

All of the five founding members have agreed to incorporate the PCI DSS as the technical requirements of each of their data security compliance programs. Each founding member also recognizes the QSAs and ASVs certified by the PCI Security Standards Council as being qualified to validate compliance to the PCI DSS.

A Limited Liability Corporation (LLC) chartered in Delaware, USA, the PCI Security Standards Council was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc..

All five payment brands share equally in the council's governance, have equal input to the PCI Security Standards Council and share responsibility for carrying out the work of the organization. Other industry stakeholders are encouraged to join the group and review proposed additions or modifications to the standards.
Executive Committee - PCI SSC
  • Seana Pitt, Vice President, Merchant Policy & Data Quality, American Express
  • Suzanne Smits, Vice President, Network Services, Discover Financial Services
  • Lib de Veyra, Vice President, Emerging Technologies, JCB International
  • Bruce Rutherford, Group Head, Fraud Management Solutions, MasterCard Worldwide
  • Lance Johnson, Senior Vice President, International Risk Management, Visa Inc.
From Digital Transaction News, earlier today:

Online PIN debit continues to move from concept to reality in the early months of 2009.  HomeATM ePayment Solutions announed its PIN pad and point-of-sale device, the Safe-T-PIN, has achieved certification under the Payment Card Industry PIN Entry Device (PED) 2.0 standard.

The device, which attaches via a USB connection to PCs to allow consumers to make PIN debit transactions on Web sites and to do person-to-person money transfers online, is the first of its kind to win PED 2.0 certification. For more on HomeATM, click here

Editor's Note: To learn more about a software based solution, which is NOT PCI certified (and never CAN be) click any of the related articles below...

PIN Entry Devices

To gain approval by PCI Security Standards Council, PIN entrydevices must comply with the requirements and guidelines specified inthe following documents. Vendors preferring to complete formselectronically should download the appropriate documents.

Listing of PCI Security Standards Council Approved PIN Entry Devices

Payment Card Industry Resources

  • Testing and Approval Program Guide (PDF)
Security Requirements
Evaluation Vendor Questionnaires
  • General Frequently Asked Questions (PDF)
  • Technical Frequently Asked Questions** (PDF)
  • Technical Frequently Asked Questions 2.0** (PDF)
Derived Test Requirements
Payment Card Industry (PCI) Recognized Laboratories
PED AnnouncementsFor questions please contact,

Reblog this post [with Zemanta]

India's ICICI Selling ATM/POS Networks?

Finextra: ICICI considers spinning off ATM and POS networks - report

TSYS and First Data Interested

According to, India's ICICI Bank is looking into spinning off its network of ATMs and payment terminals to a separate company and has sounded out technology vendors about joining the new entity.

According to the Economic Times, Visa, Total System Services and First Data are among those to have expressed interest in participating in the new business, managing ICICI's network of 4000 cash machines and 200,000 POS terminals.


Reblog this post [with Zemanta]

11% of US Adult's Use Twitter - Pew

According to a recent report from thePew Internet & American Life Project, some 11 percent of the population had used Twitteror similar micro-blog personal update services by December 2008.

This represents a 22-percent, one-month leap in usage from November 2008.

If you'd like to follow this blog on Twitter,
click below:

"Overall, Twitter users engage with news and own technology at thesame rates
as other Internet users, but the ways in which they use thetechnology -- to communicate, gather and share information -- revealstheir affinity for mobile, untethered and social
opportunities forinteraction," the Pew project said in a release.

Alook at the demographic profile
of Twitter users as a whole reveals
some additional details about who uses Twitter and how they communicateand consume information.

As noted above, Twitter users areoverwhelmingly young. However, unlike the majority of otherapplications with a similarly large percentage of youth...

Twitter use isnot dominated by the youngest of young adults.  Indeed, the median ageof a Twitter user is 31.

In comparison, the median age of a MySpaceuser is 27, Facebook user is 26 and LinkedIn user is 40.7

Twitterusers are slightly more racially and ethnically diverse than is thefull U.S. population, most likely because they are younger – andyounger Americans are a more ethnically and racially diverse group thanis the full population.

Twitter users are also slightlymore likely
to live in urban areas, with 35% of Twitter users living inurban areas (compared to 29% of all internet users) and just 9% ofTwitterers and status updaters living in rural areas, compared to 17%of internet users.

"Twitter and similar services have been most avidly embraced byyoung adults," Pew said. "Nearly one in five (19%) of online adultsages 18 and 24 have ever used Twitter and its ilk, as have 20% ofonline adults 25 to 34. Use of these services drops off steadily afterage 35 with 10% of 35 to 44 year-olds and 5% of 45 to 54 year-oldsusing Twitter. The decline is even more stark among older Internetusers; 4% of 55-64 year-olds and 2% of those 65 and older use Twitter."

To view the report, click any of the links below:

The iChart above was created by Practical E-Commerce

Twitter and status updating

Reblog this post [with Zemanta]

Disqus for ePayment News