Tuesday, April 7, 2009

HomeATM in the News

Click the Graphic on the Left
to Read About HomeATM in the latest edition of ATM&Debit News

HomeATM's PCI 2.0 PED Certification Provides the following benefits:

Card Present Rates
in a Card Not Present World!

PIN Debit Interchange Rates!
Dual Authenticaton!

15 Times More Convenient
than Typing in 14-16 Card Number Digits, Expiration Dates and CVV Codes!

Effectively Removes Internet Retailers from the Scope of PCI DSS Potentially Saving Them 100's of Thousands of Dollars!  (Same with Financial Institutions, only they could save million$)

End to End Encryption |Triple DES | DUKPT Key Management | Security

Exponentially Advanced Log-In, Authentication Platform for Online Banking!

Reblog this post [with Zemanta]

Home(r)ATM Would Eliminate Cloning Altogether!

In this ISR News post, it is reported that Credit Card Cloners Stole 3.5 million.

In a nutshell, that's 3.5 Million reasons for using HomeATM's SafeTPIN device.   Without the PIN, a cloned card would be useless.  So would DNS hijacking (redirecting you to a cloned website).  No username/password, instead Swipe your Card, Enter your PIN.  They wouldn't receive the data...unlike the username/password, which they would receive.

In fact, cloning wouldn't be an "issue" (pun intended) at all, if online merchants employed the HomeATM True PIN Debit solution. 

Come to think of it neither would the over exorbitant "Card Not Present" rates...oh...and an end-to-end encryption methodology is certainly an added benefit.  Don't let me forget convenience.  If I can swipe my card 14-16 times faster than entering 14-16 digits from my credit or debit card, then I consider it to be 14-16 times more convenient.  You?  And yes, we do credit...and yes...it would be at "card present" credit card rates.  Any questions?

ISR News: Credit Card Cloners Steal £3.5m
April 7, 2009 by ADMIN

Excerpts From Finextra.com

A gang of five fraudsters who ran a global credit card cloning ring out of a London flat stole £3.5 million in just a few days, a court heard yesterday.

Prosecutor Ben Fitzgerald told Southwark crown court that police found fake cards and counterfeiting technology in the London flat.

The accused allegedly went on a spree between 28 September and 8 October last year as Barclaycard migrated cardholders from the Goldfish credit card business it acquired from Discover Financial Services earlier in the year.

Computer software found in the flat was used to make fake cards before the gang stole £3.5 million, with £645,000 spent on the cards in Britain alone, the court heard.

Khi-San Voong, 46, Qiu Yeu, 46, Qiang Xue, 34, and Dauy Chung, 40, all of Walworth, deny conspiracy to defraud. Cai Caixa, 27, pleaded guilty.

The trial continues

Reblog this post [with Zemanta]

I Have a Present For You! And a Card!

Card Present vs. Card Not Present

Before you accuse me of luring you to this post with the promise of a "present" and a "card" simply fill out the poll on the right and send me your email and shipping address. You'll get your "card present" enabling SAFETPIN device for free. Take a look at the right sidebar or above for more details.

A recent post by Ed Kountz at the Forrester Blog which made me realize that one of the biggest impacts of a utilizing a hardware vs. software device is simply this. Interchange.

HomeATM is the only company in the world which can provide e-tailers with a PCI 2.0 PED and thus "card present" TRUE PIN Debit rates. Why do I say true? Because our transactions are conducted in the same manner as a traditional retail location.

In addition, because our device is "ALREADY" PCI 2.0 PED certified, and employs DUKPT key management, we would effectively remove e-tailers from the scope of PCI DSS as no cardholder data is transmitted during the transaction.

Once the consumer has our low cost device, they become a "card present" buyer. They swipe their card, they enter their PIN and therefore the e-merchant benefits from not only dual-authentication, but also benefit from significantly lower interchange fees.


$200 order at Amazon. Card Not Present Rate: 2% + .25 cents = $4.25
$200 order at Amazon Card Present/ PIN Authenticated: = .75 cents. Savings = $3.50 (In this example an 88% savings!)

Now, add security, (PCI 2.0 PED) add convenience (isn't swiping the card 14 to 16 times faster than typing in your 14-16 digit card number?) deduct chargebacks, add familiarity (don't you swipe your card in the store) and our SafeTPIN s a compelling value proposition.

On the flip side, a software based PIN Debit application would still be a "card not present" transaction. The CNP PIN rate doesn't exist, but the EFT networks could create one. Of course, it will be exorbitantly higher than a Card Present PIN transaction. Remember when transactions were done with the device pictured on the left? Well unlike that device, HomeATM's SAFETPIN is built for the long run...and provides safer, more secure and thus lower rates.

So at the end of the day, our device (which is also EMV ready) is built with both the consumers, banks and merchants in mind. A software application is built with only the EFT Switches in mind. So it's no wonder the EFT switches are backing it. It's like Microsoft paying people to use Live Search with their Cashback program. The EFT switches are getting paid to push a software application. But what will be the public's uptake? And where's the benefit to the merchants? A tiny savings on Interchange...in exchange for a higher risk of liability in the instance of a breach? It's all interesting. I would think that the merchants would want a bigger savings and less risk, which is what HomeATM's PCI 2.0 PED provides. Wouldn't you? We'll see...

Here's the article showing the pent up frustration with Interchange Fees from the NRF, the NGA and NACCS. (The Big 3) They are all bricks and mortar organizations and are still throwing a fit about Interchange Rates. When will the Internet Retailer 500 band together and start demanding that they at least be afforded the opportunity to enjoy the rates the "Big 3" are unhapppy with.

Transacting Value: The Impact of Credit Industry Challenges on Card Marketing
Ed Kountz - April 6th 2009

Early on in this blog, I predicted that 2009 would see an increase in the number and stridency of calls for reforms to the U.S. credit card market, particularly in terms of types and amounts of acceptable fees. The Federal Reserve’s December 2008 card industry changes certainly made clear that this was happening. But now, the long-simmering brew appears to be spreading.

Two recent events serve to validate the premise:

--The National Retail Federation (NRF), the National Grocers Association (NGA) NACCS Angle Against Interchange. Recently, the NRF, NGA and NACCS -- together, the big three of retail associations -- recently held what their release billed as a “telephonic press conference” announcing the creation of “unfaircreditcardfees.com,” as well as an associated public interest campaign, to encourage consumers to press legislators for reforms to the “unfair and hidden credit card fees called “interchange””. This approach muddles the issue, in my opinion, as it uses language that ties the interchange dispute to consumers’ raw emotions at the account-fee issue, without identifying the (basic but relevant) differences in those topics. Whatever the ultimate impact, the directness of the appeal is impossible to miss.

--Senate Banking Committee Approves Card Reforms. On March 31, the Senate Banking Committee gave one-vote approval to measures designed to rein in certain credit card industry practices. The bill would include most of the Federal Reserve Rule changes passed in December, such as bans to universal default and double cycle billing, but would add fee restrictions and protections for borrowers under 21. Bill sponsor Chris Dodd said he was going to work over the recess to garner “broad support” for the effort.

As recent delinquency trends suggest, economic conditions continue to impact credit card usage and growth at a macro level. But increased scrutiny of long-held credit card industry practices will add additional pressure to an industry already feeling the strains.

Continue Reading at the Forrester Blog for eBusiness & Chennel Strategy Profressionals

, , , , , , ,

Reblog this post [with Zemanta]

ID Cards Could Be Fitted with Chip and PIN Technology to Combat Fraud

The Press Association: ID cards 'could use chip and pin'
ID cards could be fitted with chip and pin technology to help combat identity fraud. The head of the Government agency tasked with producing the cards said there were no "technical obstacles" to adding chips to the cards and handing out pin numbers. James Hall, chief executive of the Identity and Passport Service said adding chips might allow the cards to be used in ATM machines in the future.

Officials are also looking at chip and pin as a possible way to help combat online fraud and help protect internet shoppers.

It also emerged the Home Office has issued half as many ID cards for foreign nationals in the first four months than expected.

When the card was launched in late November ministers predicted that between 40,000 and 50,000 non-EU nationals would have cards by the end of last month. But by the end of last week 22,500 cards had been issued. Mr Hall said they had encountered "the odd wrinkle" in the system but overall it had worked "pretty well".

A spokesman for the UK Border Agency (UKBA) said 42,000 foreign nationals had been through the enrollment process and had their biometric details taken. Mr Hall said he was looking at how ID card holders could "assert their identities" online when the card is rolled out.

He said: "One of the reasons for the format of the card is we have the opportunity to put it in to card readers and potentially use it in existing networks such as the ATM network.

One of the issues on the table is whether we should introduce chip and pin technology in to the card. There are no technical reasons why we couldn't do that." Editor's Note: In fact, HomeATM's SAFETPIN is EMV ready (smart card, chip ready) Which brings up a question. How would a software PIN Debit application work in an EMV environment? If you know, comment below...lol!

Reblog this post [with Zemanta]

SizzleMoney Offers Mobile Banking to Immigrants

I blogged about SizzleMoney about a week ago, but here's an excerpt from a good article in this morning's American Banker...

Prepaid Account Offers Mobile Banking Service to Immigrants

By Will Hernandez
American Banker | Tuesday, April 7, 2009

Denarii Payments Inc. of Atlanta has developed a mobile phone-linked prepaid product called SizzleMoney that is initially targeting Hispanic immigrants.

People can use the product to send one another money by text message, access funds in their SizzleMoney accounts with a prepaid debit card and make purchases at the point of sale with their phones.

"It's basically mobile cash," said Donald Baggett, Denarii's founder and chief executive officer.

Denarii said SizzleMoney will appeal to immigrants, who often use their mobile phones as their primary method of communication.

The SizzleMoney account features debit cards bearing the logos of the Maestro, Pulse, Star and Cirrus debit networks. The cards can be used to make PIN debit purchases and to make withdrawals at automated teller machines. Customers can upgrade to MasterCard Inc.-branded debit cards.

Central National Bank of Enid, Okla., issues the cards and its Interactive Transaction Services subsidiary processes the transactions.

Continue Reading at American Banker

Will Hernandez is the associate editor of ATM&Debit News.

Reblog this post [with Zemanta]

NACHA - 18.2 Billion ACH Payments in 2008

ACH Transaction Volume up by 1.2 Billion Payments - Despite Economic and Industry Pressures
Consumer ACH Bill Payments Made via Internet near $1 Trillion

Orlando Florida: PIN Payments News: The number of ACH payments in 2008 topped 18.2 billion, representing an increase of 1.2 billion over 2007, according to statistics released today by NACHA - The Electronic Payments Association at its PAYMENTS 2009 conference.

"Consumers, businesses, and government are continuing to embrace the safe, smart, and green attributes of ACH payments and choosing electronic over paper," said Janet O. Estep, NACHA president and chief executive officer. "Despite the overall economy slowing in 2008, the ACH Network continues to see positive growth."

The portion of ACH payment volume passing through the ACH Operators grew in 2008 to nearly 15 billion transactions. The number of ACH Network transactions in 2008 was 14,960,689,587, which is 7.1 percent more than 2007. The dollar value of these payments was $29.96 trillion, an increase of 4 percent over 2007.

Internet Payments

Internet-initiated ACH debits (WEB) experienced robust growth in 2008, increasing by 19.7 percent to almost 2.1 billion payments. When combined with consumer-initiated credit payments (CIE), the dollar value of consumer ACH payments made via the Internet is nearing $1 trillion annually ($939 billion in 2008).

Business-to-Business (B2B) Payments/Financial EDI

More than 1 billion EDI-formatted addenda records were transmitted across the ACH Network in 2008, a 14.6 percent increase over 2007. Businesses use EDI-formatted addenda records to send and receive invoice- and other payment-related information. The volume of CTX payments, which can carry up to 9,999 addenda records, increased by 16.1 percent, and the number of CCD payments carrying an addenda record increased by 17.9 percent.

Back Office Conversion (BOC)

In its first full year of availability, the newest e-check transaction - BOC - grew by 1,772 percent in 2008 to a total of 78,460,461 payments. This volume is comparable to the original Point-of-Purchase (POP) check conversion application when accounting for the significant decline in consumer check-writing over the past eight years. At the same time period after its introduction, the annualized volume of POP transactions was 101 million; however, consumer check-writing has been declining during this time period by about 4 percent per year.

Federal Government Payments

The Federal government used the ACH Network for more than 30 million Direct Deposits as part of 2008's economic stimulus package. This contributed to an overall growth of Federal government ACH payments of 10.2 percent, to 1,145,895,074 payments in 2008. According to the Financial Management Service, the Federal government saves $0.925 for every Direct Deposit that replaces a check payment. With over 1 billion Direct Deposits, the Federal government saved at least $925 million in 2008 by using the ACH Network.

Network Risk and Quality Indicators

The most significant ACH Network risk and quality indicators improved moderately in 2008. Overall, the rate at which ACH debits are returned as unauthorized declined slightly from 0.041 percent to 0.040 percent, and there were no SEC codes that had a significant increase in its unauthorized rate.

NACHA -- The Electronic Payments Association

NACHA -- The Electronic Payments Association is a not-for-profit association that oversees the Automated Clearing House (ACH) Network, a safe, efficient, green, and high-quality payment system. More than 15,000 depository financial institutions originated and received 18.2 billion ACH payments in 2008. NACHA is responsible for the administration, development, and enforcement of the NACHA Operating Rules and sound risk management practices for the ACH Network. Through its industry councils and forums, NACHA brings together hundreds of payments system stakeholder organizations to encourage the efficient utilization of the ACH Network and develop new ways to use the Network to benefit its diverse set of participants. NACHA represents nearly 11,000 financial institutions through direct membership and 19 regional payments associations. NACHA and its members provide education, tools, and resources to increase the adoption of ACH payments to benefit businesses, consumers, and governments. To learn more, visit www.nacha.org and www.electronicpayments.org.


Reblog this post [with Zemanta]

Online Banking in Ireland Soars

Source: Finextra
Complete item: http://www.finextra.com/fullstory.asp?id=19891


The popularity of online banking in Ireland has soared over the last year, with 2.2 million customers now registered, a 28% increase on the previous year. According to data gathered from financial institutions by the Irish Banking Federation (IBF) and Irish Payment Services Organisation (Ipso), 2.2 million customers were registered for online banking by the end of 2008, up 27.8% on the 1.8 million recorded at the end of 2007. Ireland has a population of around 4.4 million.

In addition, there was a 31.6% rise in the number of Internet payments to 30.7 million - equivalent to 84,000 per day. A 33.6% increase, to 123 million, was also recorded in the number of times customers accessed their account balances online.

Pat Farrell, CEO, IBF, says: "We can see from the data compiled to date that online banking is on a significant growth path in Ireland. Comparative figures for 2007 show that the average user here made 14% more online payments and 20% more online enquiries than his/her UK counterpart. However, in a leading online adopter like Norway the average customer made around three times more payments online - indicating that there is considerable scope for further growth."

Una Dillon, head, card services and communications, Ipso, adds: "Online banking is facilitating the migration from cheques and other paper-based payment methods to electronic payments. The move to electronic payments is vital in ensuring Ireland's competitiveness and efficiency within the wider European market."

Reblog this post [with Zemanta]

Link2Gov for Professional Crastination

Link2Gov: A Procrastinating Federal Taxpayer’s Best Friend

Federal balance-due tax payments accepted at PAY1040.com, BML.PAY1040.com and businesstaxpayment.com

MILWAUKEE--(BUSINESS WIRE)--Link2Gov Corp., a Metavante (NYSE:MV) company and IRS-authorized payment processor since 2003, today is reminding individuals and businesses of their secure, convenient and reliable electronic payment options for settling-up with Uncle Sam before midnight on April 15 — the federal tax deadline. Taxpayers can beat the clock with an electronic payment initiated at any of Link2Gov’s payment portals: www.PAY1040.com, 1-888-PAY-1040 and www.businesstaxpayment.com. Taxpayers with questions about the payment services can reach Link2Gov customer service agents at 1-866-658-5465.

Federal balance-due tax payments initiated through Link2Gov payment services1 are authorized in real-time, with the IRS-recognized payment date being the same date the transaction is successfully completed. Taxpayers receive a transaction confirmation number as an assurance they have completed the payment process. PAY1040.com and businesstaxpayment.com accept American Express®, Discover®, MasterCard®, and Visa® credit and debit cards, as well as debit transactions from cards participating in the NYCE®, PULSE® and STAR® payments networks. New for Tax Season 2009, Link2Gov also accepts Bill Me Later payments at BML.PAY1040.com.

“The key attributes of our federal tax payment programs — speed, convenience and knowing an IRS bill has been instantly paid — become increasingly vital as the deadline closes in on taxpayers,” said Frank D’Angelo, group president, Metavante Payment Solutions, which includes Link2Gov. “Taxpayers choosing Link2Gov services receive peace of mind, and depending on their issuing bank’s card program, the opportunity to earn rewards as well.”

About Metavante

Metavante Technologies, Inc. (NYSE:MV) is the parent company of Metavante Corporation. Metavante Corporation delivers banking and payments technologies to approximately 8,000 financial services firms and businesses worldwide. Metavante products and services drive account processing for deposit, loan and trust systems, image-based and conventional check processing, electronic funds transfer, consumer healthcare payments, electronic presentment and payment, outsourcing, and payment network solutions including the NYCE Network, a leading ATM/PIN debit network. Metavante (www.metavante.com) is headquartered in Milwaukee.

1Link2Gov collects a convenience fee for PAY1040.com, businesstaxpayment.com and BML.PAY1040.com services.

Metavante, NYCE, Link2Gov and Pay1040.com are registered trademarks of Metavante Corporation, which is the principal subsidiary of Metavante Technologies, Inc.

All other trademarks are the property of their respective owners.

Reblog this post [with Zemanta]

A Pain in the Bot!

To further illustrate how dangerous it is to use a personal computer as the conduit to financial transactions, I bring you the following article from the Associated Press, which was reprinted by

And to illustrate even further...I created, well an illustration...depicting the dangers that lurk out there.  (on left)  Let's see...you've got your Zombies and Black Hats, your Snakes and Sniffers, Bots and Hackers and key-logging grifters...

What did Sanford used to tell  Lizbeth?  Oh yeah...Lizbit...here I come..."its the big one!"  Stay tuned.  It'll happen and we'll cover it right here on the PIN Payments News Blog!  Here's some stuff that ought to make you think twice before you enter your primary account number via a keyboard.   Remember, Visa might cover your butt, but you still have to deal with the hassle involved, and that could take weeks, even months.  It's a pain in the bot! 


SAN FRANCISCO — Getting hacked is like having your computer turn traitor on you, spying on everything you do and shipping your secrets to identity thieves.  Victims don't see where their stolen data end up. But sometimes security researchers do, stumbling across stolen-data troves that offer a glimpse of what identity theft looks like from criminals' perspective.

Researchers from U.K.-based security firm Prevx found one such trove, a Web site used as a stash house for data from 160,000 infected computers before it was shut down this month.  The find offers a case study on just how much data criminals are stealing every day, from the utterly inconsequential to the alarmingly private.

It also shows the difficulty in shuttering criminals' ID-theft beachheads: The Web site Prevx found, which was operating on a server in Ukraine, was still online for nearly a month after security researchers alerted the Internet service provider and law-enforcement authorities. The site was sucking up data from 5,000 newly infected computers each day.

The victims in the Prevx find are mostly everyday people handing over their passwords for Facebook and banking sites, along with their love notes and other e-mails. But more dangerous personal information is there, too, including Social Security numbers and other account information from one bank's infected computer.

Caches of stolen data like these are hidden throughout the Internet, usually locked away inside password-protected Web sites or heavily fortified servers. Prevx's researchers were able to infiltrate this site because it was protected with poor encryption.  (Editor's Note:  Isn't that profound.  The hackers had poor encryption...)

In that sense, the find illustrates how even sloppy crooks can vacuum up enormous amounts of information through massive "botnets" — armies of infected computers formed by spreading a computer virus that orders compromised machines to phone home for further instructions, such as sending out spam or relaying passwords.

The botnet Prevx found was only harvesting data, though Prevx said it could have been upgraded to do other things.

Ordinary Internet sessions are logged in great detail. One Southern California 22-year-old could be seen registering a domain name with GoDaddy.com, changing his Yahoo e-mail password and ordering a meal online from Pizza Hut. His credit card number, birth date, telephone number, address and passwords are now all in criminals' hands, though it's unclear what, if anything, criminals have done with the information yet.

Some victims are gold mines for sensitive data.  An infected computer at a Georgia bank exposed customer details and credentials for the bank's wire-transfer system. Bank employees were checking e-mail, looking up BMWs and Infinitis and working with customers' accounts on the same infected machine.

Government computers were also hit, including one in Texas that coughed up Web site logins for one of the government's health care providers, and another in North Carolina that revealed access to an agency's human resources system.

"This is giving criminals the keys to the castle," said Prevx's director of malware research, Jacques Erasmus. "Once they're into this system, it might not seem at this point like it's the biggest data heist ever, but this is how they get into a network. This is their game — they do this every day."

In other words, criminals start small, then use their first point of attack as a way to jump onto more sensitive computers.
Researchers who discover these stolen-data caches then have to figure out what to do with them. Notifying victims is time-consuming and difficult, and researchers tend to focus on trying to get service providers to deactivate the servers before criminals get to the data on them.

Prevx said it alerted the site's Internet provider, the FBI and U.K. authorities about the breach it discovered. The company also talked to the affected bank, Doraville, Ga.-based Metro City Bank, a community bank whose Web site lists four locations, and Prevx said the bank has removed the infected computer.

One customer — Yoon-Kee Hong, a 22-year-old college student from Suwanee, Ga. — had signed up for an account with Metro City Bank just a month before learning about the breach. He said he had not been alerted by the bank that his Social Security number and other personal details were stolen.

After being told about the breach by The Associated Press, which picked his name from the files provided by Prevx, the student said he planned to cancel his account.
  "I cannot trust them any more," he said. "They're not doing what they're supposed to do. They didn't even notify me. It's like they're trying to hide it from their customers."

He later relented and decided to stay with the bank after he was offered a new account and promises of fraud alerts.
  The bank said in a statement that it is notifying customers and is investigating the breach, refusing to comment further. State officials in North Carolina and Texas didn't return calls on the breaches there. The FBI didn't return a call about the breaches.

Such finds are becoming more common as the barrier lowers for crooks to jump into the online identity-theft racket. Top-of-the-line viruses, also known as Trojans, can be had for under $1,000.
  Joe Stewart, a SecureWorks Inc. botnet expert who was not involved in Prevx's research, said that last year, he helped shut down a command-and-control server for a huge botnet that had infected more than 378,000 machines and had stolen more than 460,000 usernames and passwords.

There are countless other smaller botnets, set up by less sophisticated criminals who steal as much data as they can and simply pull up stakes, and do it all over again, once their operation has been detected.
  "The level of amateurness speaks to how widespread it is," Stewart said. "Literally anybody with a little bit of computer knowledge at all, if they have the criminal bent, can get access to one of these Trojans and get it out there and start stealing people's data."

Reblog this post [with Zemanta]

Disqus for ePayment News