Tuesday, May 19, 2009

HomeATM Featured in "The Nilson Report"

PIN Payments News Blog - May 19th 2009


As daily reports surface (e.g., see today's post, "63% of Websites Have Critical Vulnerability Issues"), industry insiders are starting to take notice of our mantra that the web is NOT safe for financial transactions, and the slow realization that a software application is not the answer is starting to take hold.

Therefore, we expect 2009 to be a year of migration from the belief that software (inside the browser) is "secure enough" to the belief that hardware (outside the browser) is "necessary" for online transactions. There is no other way to "secure" the transaction.

Hence, HomeATM is starting to make some noise in the Payments Industry.  Here's a quick review of what has transpired since February:


  • Several other publications covered our PCI 2.0 Certification, including but not limited to: CNET, The Paypers, ISO & Agent, BusinessWeek and Fortune


This time, HomeATM is being featured by the respected Payment News Authority, "The Nilson Report."

HomeATM is awaiting approval to bring you what The Nilson Report had to say about HomeATM's secure 2FA (two-factor authentication), 3DES end-to-end encrypted, DUKPT-protected, PCI 2.0 Certified PIN Entry Device.

Upon approval, look for The PIN Payments News Blog to bring you the coverage right here....







63% of Websites Have Critical Vulnerability Issues

Report: Over 60 Percent of Websites Contain Serious Vulnerabilities - DarkReading

Newly released client data from WhiteHat Security finds organizations are slow to close known security holes in their Websites

By Kelly Jackson Higgins | DarkReading

Most Websites harbor at least one major vulnerability, and over 80 percent of Websites have had a critical security flaw, according to new data released today by WhiteHat Security.

The Website vulnerability statistics, based on Website vulnerability data gathered from WhiteHat's own enterprise clients, show that 63 percent of Websites have at least one high, critical, or urgent vulnerability issue, and there's an average of seven unfixed vulnerabilities in a Website today.
"What we know from this report is that the Web is at least this insecure," says Jeremiah Grossman, CTO of WhiteHat.

Editor's Note: I know I've been saying this for about a year now on this blog, but the web is NOT secure. So why are we "typing" our PANs and soon to be "clicking" our PINs into boxes located on merchants' websites? If 63% of websites have a "critical" security flaw/vulnerability, then financial transactions should be done "outside" the browser space, right? Take into account that 70% of websites were the victim of a hack attempt, and that leaves us with a 30% chance our "supposedly valuable financial information" WON'T get stolen. Financial transactions, "especially" PIN transactions, MUST be End-to-End Encrypted and the only way to do that is via a hardware device which "transacts" OUTSIDE the browser space.

Does that make sense to anyone else besides myself?  Chime in!  
The article continues:
The top ten classes of vulnerabilities haven't changed much from WhiteHat's findings in the fourth quarter of 2008. The pervasive cross-site scripting (XSS) flaw still leads the pack as the most likely vulnerability in a Website, with a 65 percent chance that a Website has XSS bugs, followed by information leakage, with 47 percent.

And the average number of vulnerabilities per Website over its lifetime is 17, according to WhiteHat's data.

"Customers are fixing large swaths of vulnerabilities, but it's really tough to wipe out 100 percent of vulnerabilities, even by class and severity," Grossman says. "And even if you fix nine of 10 cross-site scripting vulnerabilities, you still have one. That's why the percentage of sites likely to have cross-site scripting vulns is" so high, he says.

And all it takes is one XSS vulnerability for an attacker to do his dirty work, he says.


Around 30 percent of Websites are likely to contain content spoofing bugs; 18 percent, insufficient authorization; 17 percent, SQL injection; 14 percent, predictable resource location; 11 percent, session fixation; 11 percent, cross-site request forgery (CSRF); 10 percent, insufficient authentication; and 9 percent, HTTP response-splitting flaws, according to WhiteHat's latest counts.

Continue reading at DarkReading








Trends in Debit, Credit and Prepaid Report Available from VRL

Also Available: "Cards and Payments in Asia-Pacific" (see below)

With prepaid card use expanding throughout Europe, and continued innovation in debit cards issuance despite the financial crisis, are you making the most of your card products?

Penny pinching at the payment networks

Visa and MasterCard's latest quarterly results starkly illustrate how debit is continuing to take a bigger share of payments worldwide, with Visa's debit volumes in the US surpassing credit volumes for the first time. Both networks have offset drops in volumes by cutting costs, with marketing being one of the key activities hit in this quarter.

Are you expected to pick up more of the work? Are you following best practice? Trends in debit, credit and prepaid direct marketing report uses case studies from the industry to illustrate how to use your engagement channels for maximum ROI.

Standard Chartered launches 'JustOne' card in Asia-Pacific.

The 'JustOne' card, a debit, credit and ATM card, is targeted at consumers under 30, a demographic covering over 30% of the Malaysian population. The bank has said that it expects the card to bring in 50,000 new cardholders within the next 12 months and help expand its market share from 5 to 7% over the next 24 months.

Learn more about best practice in our Cards and payments in Asia-Pacific report.

Union Bank, Travelex issue prepaid Visa card.

Designed so international travellers can take money abroad in card form, the Travelex Cash Passport, a prepaid Visa currency card, aims to improve the quality and utility of the card experience for both existing customers and non-customers, allowing users to travel without the hassle of carrying cash, travellers cheques and cards.

Discover how to maximise your prepaid potential in our report today.

Women Hit Hardest by ID Theft

[Chart: Amount of Money Lost by US Identity Theft Victims, by Gender, January-February 2009 (% of respondents)]

Identity Theft Hits Women Hardest

Who is most affected by identity theft, who commits the crime and how can people protect themselves? When it comes to the theft of personal information, women beware. According to a study by Affinion Security Center, 17% of female identity theft victims have lost $1,000 or more due to the crime, versus only 10% of males.
In addition, more men (61%) avoided losing money than women (53%).
The good news is that most of the cases of identity theft were solved, although some were solved faster than others.
Forty-two percent of cases were closed in less than one week, 20% took between one week and one month and 13% took two months to six months.


Even so, if you are a victim of identity theft, chances are you will never know who did it.
A survey from the Identity Theft Assistance Center (ITAC) found that 72% of victims had no idea who stole their personal information.
Of those that did, most cases (26.5%) were committed by friends, relatives or in-home employees who had access to personal information. Next came computer-related fraud (21.6%), lost or stolen wallets, checkbooks and credit card accounts (15.1%) and mail fraud (11.6%).


How can consumers protect themselves?

[Chart: Amount of Time It Took to Get Their Identity Restored According to US Identity Theft Victims, by Gender, January-February 2009 (% of respondents)]

Measures taken by respondents to the Affinion survey to keep their identities secure included:
  • Shredding documents before disposal
  • Monitoring credit card accounts
  • Keeping personal information locked in a safe
Anne Wallace, ITAC president, suggests keeping data in the home and workplace in secure locations, monitoring accounts for unusual activity, updating anti-virus software and upgrading browser and operating systems.


eCommerce Forecast: Cloudy with Data Not in the Clear

Editor's Note: I read this article and it occurred to me that these "type" of articles are part of the problem. They tell you to pick a "secure" password and "never give out your password" to phishers. I suppose that's good advice, but that won't help you if someone either "keylogs" your username/password or fools you into thinking you are at the real online banking site when, in reality, you are at a "cloned" one. Why does a blatantly clear problem need to be "magnified" in order to "see" that the best way to log in to an online banking site is to swipe your card and enter your PIN outside the browser space whereby it is 3DES end-to-end encrypted by the ONLY PCI 2.0 Certified PIN Entry Device specifically designed for eCommerce and authentication use? Average Cost of a Phishing Attack: $350... Average Cost of our device: $12. Do the math. At the end of the day, passwords are obsolete and articles like the one below need to start messaging that fact... in the meantime, I guess that's my job!

Source: msokorea
Complete item: http://www.msokorea.com/personal-finance/0,6600,404400,00.html

Description:
It is now possible to pay bills, move money between accounts, set up direct debits and standing orders, and even apply for overdrafts and credit all from your own home, all online and on your own PC.

Despite this convenience, for many people there is still a lingering mistrust of the technology involved: will your money be safe if you bank online? The answer is, for the most part, yes - so long as you follow a few basic principles.

Firstly, if you have the option to choose your own password for online services, then make sure that the password you decide on is secure. (Editor's Note: Since "secure password" is an oxymoron, a good password might be "Jumbo Shrimp".) This means that it shouldn't be easily guessable - avoid using the name of your pet or child, for example, and don't use the numbers of your birthday. An ideal password should be easily memorable, but hard to guess, and using a combination of letters and numbers is highly recommended. For example, a good password could be the name of a food you hate, along with a number that is significant in some way to you - e.g. mushrooms37. Such a password would be almost impossible for someone to guess, but will also be very easy for you to remember.

On the subject of passwords, it's vital that you never give out your personal details in response to a 'phishing' attack. (Editor's Note: I would say "never give out your personal details period," and the best way to make sure you don't is by swiping, not typing.) Phishing is a subject worthy of its own article, but in brief: if you receive an email purporting to be from your bank, asking you to reconfirm your details or to log into your account urgently, then ignore it. It will NOT have been sent by your bank, but by fraudsters attempting to steal your identity.

Another important security measure is to avoid logging in to your online banking service on a publicly accessible computer - for example, at work or in an internet café. You can never be sure what details about your internet use are being stored on a PC you don't own, and even if you log out of the service when you've finished it's highly possible that the next user of the machine could, with effort, discover your details and log on to your account. (Editor's Note: EVERY computer is "publicly accessible," even the one in your house. It's just that the "public" is more accurately defined as "hackers".)

Remember: When it comes to hackers: You type, they swipe... but when "You" swipe, you're not their type.


American Express Eliminates 4000 Jobs to Save $800M

AmEx Targets $800 Million in Cost Cuts - WSJ.com
American Express Co., reeling from rising defaults and delinquencies on its credit cards, unleashed its second big round of job cuts in a move aimed at saving $800 million this year.

The New York company said it would eliminate 4,000 jobs, or 6% of its work force, mostly through layoffs. The layoffs, which will save $175 million, come on top of 7,000 job cuts AmEx announced in late October.

About $500 million in additional savings will come from cutbacks in marketing and business development. ...

Continue Reading at WSJ (subscription required)


US eCommerce Climbs 0.7% in Q1 2009 to USD $31.7 billion


Notice of Revision: Quarterly retail e-commerce estimates were revised based on the results of the 2007 Annual Retail Trade Survey. Not adjusted and adjusted estimates were revised for fourth quarter 1999 through fourth quarter 2008.


The Census Bureau of the Department of Commerce announced today that the estimate of U.S. retail e-commerce sales for the first quarter of 2009, adjusted for seasonal variation, but not for price changes, was $31.7 billion, an increase of 0.7 percent (±1.1%)* from the fourth quarter of 2008. Total retail sales for the first quarter of 2009 were estimated at $909.6 billion, a decrease of 1.8 percent (±0.4%) from the fourth quarter of 2008. The first quarter 2009 e-commerce estimate decreased 5.4 percent (±2.5%) from the first quarter of 2008 while total retail sales decreased 10.2 percent (±0.4%) in the same period. E-commerce sales in the first quarter of 2009 accounted for 3.5 percent of total sales.

On a not adjusted basis, the estimate of U.S. retail e-commerce sales for the first quarter of 2009 totaled $30.2 billion, a decrease of 17.7 percent (±1.1%) from the fourth quarter of 2008. The first quarter 2009 e-commerce estimate decreased 5.7 percent (±2.5%) from the first quarter of 2008 while total retail sales decreased 11.6 percent (±0.5%) in the same period. E-commerce sales in the first quarter of 2009 accounted for 3.6 percent of total sales.

[Chart: Estimated Quarterly U.S. Retail E-commerce Sales as a Percent of Total Quarterly Retail Sales, 4th Quarter 1999–1st Quarter 2009 (axis: Percent of Total)]

The Quarterly Retail E-Commerce sales estimate for the second quarter of 2009 is scheduled for release on August 17, 2009 at 10:00 A.M. EDT.

For information, visit the Census Bureau's Web site at <http://www.census.gov/mrts/www/ecomm.html>. For additional information about Census Bureau e-business measurement programs and plans visit <http://www.census.gov/estats>.

* The 90% confidence interval includes zero. The Census Bureau does not have sufficient statistical evidence to conclude that the actual change is different from zero.
Table 1.     Estimated Quarterly U.S. Retail Sales: Total and E-commerce1
(Estimates are based on data from the Monthly Retail Trade Survey and administrative records.)
(p) Preliminary estimate. (r) Revised estimate.
1E-commerce sales are sales of goods and services where an order is placed by the buyer or price and terms of sale are negotiated over an Internet, extranet, Electronic Data Interchange (EDI) network, electronic mail, or other online system. Payment may or may not be made online.
2Estimates are adjusted for seasonal variation, but not for price changes. Total sales estimates are also adjusted for trading-day differences and moving holidays.
Note: Table 2 provides estimated measures of sampling variability. For information on confidentiality protection, sampling error, nonsampling error, sample design, and definitions, see www.census.gov/mrts/www/nrely.html.
Table 2.     Estimated Measures of Sampling Variability for Quarterly U.S. Retail Sales Estimates: Total and E-commerce
(Estimates are shown as percents and are based on data from the Monthly Retail Trade Survey.)
(p) Preliminary estimate. (r) Revised estimate. (Z) Estimate is less than 0.05%.
Note: Estimated measures of sampling variability are based on data not adjusted for seasonal variation, trading-day differences, or moving holidays, and are used to make confidence statements about both adjusted and not adjusted estimates. For information on confidentiality protection, sampling error, nonsampling error, sample design, and definitions, see www.census.gov/mrts/nrely.html.

Table 3.     Estimated Quarterly U.S. Retail Sales (Adjusted1): Total and E-commerce2
(Estimates are based on data from the Monthly Retail Trade Survey and administrative records.)
NA Not Available. (p) Preliminary. (r) Revised
1Estimates are adjusted for seasonal variation, but not for price changes. Total sales estimates are also adjusted for trading-day differences and moving holidays.
2E-commerce sales are sales of goods and services where an order is placed by the buyer or price and terms of sale are negotiated over an Internet, extranet, Electronic Data Interchange (EDI) network, electronic mail, or other online system. Payment may or may not be made online.
Note: For information on confidentiality protection, sampling error, sample design, and definitions, see www.census.gov/mrts/www/nrely.html.
Table 4.     Estimated Quarterly U.S. Retail Sales (Not Adjusted): Total and E-commerce1
(Estimates are based on data from the Monthly Retail Trade Survey and administrative records.)
NA Not Available. (p) Preliminary.
1E-commerce sales are sales of goods and services where an order is placed by the buyer or price and terms of sale are negotiated over an Internet, extranet, Electronic Data Interchange (EDI) network, electronic mail, or other online system. Payment may or may not be made online.
Note: For information on confidentiality protection, sampling error, nonsampling error, sample design, and definitions, see www.census.gov/mrts/www/nrely.html.


Survey Description
Retail e-commerce sales are estimated from the same sample used for the Monthly Retail Trade Survey (MRTS) to estimate preliminary and final U.S. retail sales. Advance U.S. retail sales are estimated from a subsample of the MRTS sample that is not of adequate size to measure changes in retail e-commerce sales.

A stratified simple random sampling method is used to select approximately 12,500 retail firms whose sales are then weighted and benchmarked to represent the complete universe of over two million retail firms. The MRTS sample is probability based and represents all employer firms engaged in retail activities as defined by the North American Industry Classification System (NAICS). Coverage includes all retailers whether or not they are engaged in e-commerce. Online travel services, financial brokers and dealers, and ticket sales agencies are not classified as retail and are not included in either the total retail or retail e-commerce sales estimates. Nonemployers are represented in the estimates through benchmarking to prior annual survey estimates that include nonemployer sales based on administrative records. E-commerce sales are included in the total monthly sales estimates.

The MRTS sample is updated on an ongoing basis to account for new retail employer businesses (including those selling via the Internet), business deaths, and other changes to the retail business universe. Firms are asked each month to report e-commerce sales separately. For each month of the quarter, data for nonresponding sampling units are imputed from responding sampling units falling within the same kind of business and sales size category. Responding firms account for approximately 85 percent of the e-commerce sales estimate and about 80 percent of the estimate of U.S. retail sales for any quarter.

For each month of the quarter, estimates are obtained by summing weighted sales (either reported or imputed). The monthly estimates are benchmarked to prior annual survey estimates. Estimates for the quarter are obtained by summing the monthly benchmarked estimates. The estimate for the most recent quarter is a preliminary estimate. Therefore, the estimate is subject to revision. Data users who create their own estimates using data from this report should cite the Census Bureau as the source of the input data only.

France eCommerce Growth for Q1 = 26%

France Sees Q1 eCommerce Growth

France's Q1 2009 eCommerce market grew 26 percent to EUR 5.6 billion. 2008 Q1 growth was 30 percent, according to statistics released by trade association Fevad.


There are currently 52,000 French eCommerce websites, with 12,000 sites being added to the 40,000 they counted in their numbers last year. 

Online shoppers instigated 55 million card-based transactions, up 35 percent, with an average of EUR 89 spent per transaction, which was down 5 percent from EUR 94 last year.



